Comments

Clive Robinson March 28, 2025 10:58 PM

@ Bruce, ALL,

UK’s first permanent facial recognition cameras

Is the hook in the title,

https://www.theregister.com/2025/03/27/uk_facial_recognition/

But that is not exactly true, there is that set of “private” cameras adjacent to London St Pancras Railway Station.

This set of cameras in Croydon South East London,

“According to the police they will only be turned on when officers are in the area and in a position to make an arrest if a criminal is spotted.”

So a technology upgrade to what was once, prior to Sir Robert Peel, called “thief taking”.

Basically those of thuggish disposition in uniform just grabbing people off of the streets because they “look likely” to be criminals.

It takes no great brains to see how this will sink into iniquity, with a new variation on “The computer says…” from AI that almost certainly will be or become biased in how faces appear on the “Live Facial Recognition”(LFR) watchlist.

Worse as noted by Rebecca Vincent of “Big Brother Watch”,

“For its part, the Met’s ‘LFR watchlist’ expands beyond those suspected of criminal activity, including vulnerable persons and even victims of crimes.”

So further traumatising victims and putting them in fear of being treated like they have the curse and mark of Cain (Genesis book 4),

“Behold, Thou hast driven me out this day from the face of the land; and from Thy face shall I be hid; and I shall be a fugitive and a wanderer in the earth; and it will come to pass, that whosoever findeth me will slay me.'”

ResearcherZero March 29, 2025 4:03 AM

Thinking back to the Titanic, I’m reminded of some rats gathering aboard a ship which has hit an iceberg and are preparing to make a break for the lifeboats by shoving the women and children -and anyone else in the way- aside so that they can be prime positions to depart.

If one was such a great deal maker promising peace and security in Europe and the Middle East, then why exactly would they require another landmass for their own self defense?

“You have not done a good job by the people of America. You have underinvested in the people of America and you have underinvested in the security architecture of this incredible, beautiful land mass filled with incredible people. That has to change.”

JD Vance and friends are “failing” at securing the American homeland.

‘https://apnews.com/article/greenland-denmark-vance-visit-us-base-dd58fe169672042f803886da55ff3c0b

ResearcherZero March 29, 2025 5:22 AM

It may be worth taking extreme care when traveling through U.S. customs if doing scientific legal or journalistic work. Consider very carefully what you take with you when traveling.

‘https://www.theguardian.com/us-news/2025/mar/27/russian-scientist-harvard-medical-school-ice-detention

Clive Robinson March 29, 2025 9:21 AM

@ ALL,

“And so the surveillance hooks get secretly deeper.”

It’s become clear that AI in any form currently being pushed by the big Silicon Valley Corps is 100% about surveillance on the user.

Also with Apple getting such a kicking in response to its alleged anti CSAM “On Device Scanning” and Microsoft likewise getting a kicking with its similar “grab to cloud” of everything a user does, supposedly to give the user “backup and mobility across devices”, it too is an “On Device Scanner”.

Both of which are on the “plaintext” side of any security demarcation so all security like E2EE is completely nullified on the device[1].

This plaintext interface on device scanning is the latest step in unlawful unwarranted surveillance on individuals and a new “Backdoor battle” that has to be fought. Another name for it is “See What You See”(SWYS) and it is “big Corporate Brother” not just looking over your shoulder 100% of the time it also is there to “judge you” of what you might think as “thought crime” or the simple “right to be individual”.

Anyone daft enough to have signed up to social media should by now either know and don’t care, or are pressured by others in some way into using it. The simple fact is Meta and Alphabet/Google “are evil beyond comprehension” of most people.

So you might be thinking why has Google not jumped into SWYS surveillance?

Well the answer is they have, but they have learnt from Apple and Microsoft’s mistakes and said nothing, just slipped it in via the backdoor of an update…

Unfortunately Google did not test fully so some have found out the hard way that their systems,

“Are now too hot to handle.”

Because of it,

‘https://cloudisland.nz/@rmi/114219847307106213

This “boil the frog” behaviour Is why I poured cold water on the use of “Secure Messaging Apps” by pointing out that they were actually fairly pointless as the rest of the system was so badly designed it was effectively broken.

Look back at my posts about the communications endpoint and the security endpoint and how relatively easy it was to do an end run attack to the user plaintext interface if you doubt this.

I also pointed out that the protective mitigation was foundationally at least two fold,

1, Get the security endpoint beyond the communications endpoint (ie securely segregated or off device).
2, Break the communications path needed for the surveillance by energy gapping in the least difficult way (ie pencil and paper OTP crypto).

This is what those who desire even a modicum of privacy will have to start doing.

[1] I saw this coming quite some time ago as it became clear that there was a ramping up agenda to force everyone, not just “On-Line”, but into the “Cloud” as well. Whilst it is part of a switch to “rent seeking” via SaaS, prior to that it was to embed criminal activity on people’s devices via backdoored Apps etc. Users will be forced to Win-11 and that we now know will force all users not just to have a Microsoft “spy-on you” Account but be continuously on-line so the spying can be near realtime. This is because the Big Corporate Brother took note as people tried ever more to regain the privacy they once had.

Thus the advent of a multitude of “Encrypted Messaging” and similar Apps and the US Gov part funded “Let’s Encrypt” caused a form of panic not just in Law Enforcement Big Brother but his Bigger Corporate Brother in their “Might is Right” plans.

Thus “On-device scanning” of what the user sees has been the plan for some time (actually provably goes back to last century almost as soon as the internet got going). But for it to work it needs users to be connected to those doing the surveillance.

Anyone who has actually read the UK RIPA 2000 legislation and the later 2016 “snoopers charter” update will have realised that back last century “On-Device Scanning” of “user plaintext” was the objective of the UK Government under UK Prime Minister Tony Blair. Thus presumably the plan of the Security Services, be they agencies or law enforcement, as reading some of the UK “Association of Chief Police Officers”(ACPO) reports also confirms.

Clive Robinson March 29, 2025 10:22 AM

@ ResearcherZero,

With regards,

“If one was such a great deal maker promising peace and security in Europe and the Middle East, then why exactly would they require another landmass for their own self defense?”

There is a 1950’s treaty already in place that allows the US access for setting up installations for “defence purposes”.

So it’s clearly not for “defence”. Likewise nice as it is if you like rugged landscapes and winter weather, it’s no great value for growing food and other agriculture.

And the number of people there would not even fill some US towns, in part because although there is land it’s not exactly habitable in the urban sense. And let’s just say building skyscrapers etc would not be a good idea either. So “growing room” is out.

But… It’s ontop of vast mineral etc resources…

So the real reason is the same as Russia’s for the last thousand years or so. Occupy, enslave and pillage as “Rights of Empire”, it’s exactly why Russia has gone after the Ukraine.

It’s because authoritarians especially their leaders really could not think their way out of a wet paper bag except by making it rotten.

I’ve warned for well over a decade what has been coming and you can look back on this blog where I’ve made it clear the two hotspots were the Middle East around Iran, and Asia around China, where I expected things to go WWIII.

Unfortunately for the likes of John Bolton both Iran and China do actually think ahead thus have so far avoided conflict with the US no matter how US authoritarians have tried to provoke things.

The other place US authoritarians hate is Europe, because it clearly shows that socially the US is a failed society and has doomed its citizens “for the few” and now the cupboard is completely empty having been squandered by the self entitled.

Hence the usually not said but active attitude of the GOP authoritarians that Europe has to be destroyed. It leaked out in Trump’s first term when his selected ambassador to Europe straight up told EU diplomats his job was to destroy Europe… Now we have Trump’s close clique, coterie, or cabal –take your noun pick– caught out on a Signal Group Chat saying the same thing. Further US behaviour in the Middle East was deliberately designed to create a refugee crisis that really only had one choice, move into Europe to overwhelm it.

But as I’ve indicated China has been cornering world wide raw resources via various techniques with untapped resources in Africa and South America in their cross hairs. Russia seeing it was “falling behind” decided on pushing into both Africa and Europe.

The GOP authoritarians seeing they are falling behind have decided North America, the North pole and Atlantic environs now belong to them by “Right of Might” and no doubt if they get them then South America, the South Pole and the Pacific will be next.

That is the game we are seeing being put on the board, all that is now required is “a match to the powder” to legitimise it with a major war of conquest falsely called “liberation”.

I’m hoping genuine “natural causes” claims me first as I’m too old to do anything other than protest now and mourn when it happens.

Dancing on thin ice March 29, 2025 12:03 PM

“Loose lips sink ships” used to be stressed by the US military.
If regular troops were communicating through hackable means like Signal they’d be in the brig.
DOGE plans on taking only months to replace COBOL even though properly doing it without mistakes or interruptions in services is estimated to be 5 years.
Media outlets are self-censored themselves to avoid criticism or scrutiny.
Government security has taken a back seat lately.

A security blog should have much better coverage about security issues currently happening that for years it has raised concerns about.

Winter March 29, 2025 12:58 PM

@Clive

Hence the usually not said but active attitude of the GOP authoritarians that Europe has to be destroyed.

Now we have Trump’s close clique, coterie, or cabal –take your noun pick– caught out on a Signal Group Chat saying the same thing.

It is disconcerting to see that our security and future depend on the incompetence of the American and Russian administrations. The only light I see is that their incompetence and corruption rival and even surpass their imperial aspirations.

In the case of the US, I see a tight race between the takeover of the felon in chief and the collapse of the federal union. If EM succeeds in destroying the federal layer faster than his master can fasten his grip, there will not be a United States anymore to take over, just States.

Also, the sheer foolishness of the American oligarchs strikes me, who have not remembered how Putin got his oligarchs in check. The American Chavez has never hid his admiration of Putin. So he will certainly do the same to the tech bros.

Clive Robinson March 29, 2025 1:13 PM

@ Dancing on thin ice,

“Media outlets are self-censored themselves to avoid criticism or scrutiny.”

Why do you surmise that might be happening?

Could it be that journalists no longer have the protections they used to have?

How about the fact that all their electronic and I assume other communications are “under surveillance” to find out who they are talking to?

The US currently has a President who we know is not just venal but stupid and quite happy to extort millions of dollars out of people for him, his wife or other “favoured ones”. And more than happy to ignore the judiciary and their legal rulings.

Now consider that ICE has become a political tool, and have the right to detain and imprison indefinitely “pending trial” –that won’t happen– those that they chose to “under” such guidance, even if they are US citizens.

Is it any surprise people are treading with caution?

ResearcherZero March 29, 2025 1:19 PM

@Clive Robinson

I hope the same. In fact I’m making sure my will is up to date and considering fishing in more remote and hard to access areas, which are rarely visited and sparsely populated. 😉

You raised an interesting point with your question about an AI that could provide optimal reading material suggestions. This relates to something I have been thinking about in relation to experience within a workplace. What happens when key personnel, who held the long-term institutional knowledge and experience, are cut from the organisation? Where does that agency or department find the answers that it needs to solve a challenging problem?

Another problem arises too. The knowledge regarding the types of challenges that are likely to occur and the solutions may also be lost. The so called ‘secret sauce’ that made it good at what it did, and the special skills and know how that had been built over decades. Will the people who are now in charge even pause to listen to anyone knowledgeable still there?

The following is from the transcript of a talk on Action, Inaction and Incompetence:

“As Americans, we’re predisposed to thinking about change more than continuity. Especially we tend to be enamored with technological change. What you often hear is, hey, really? Really, the next war is going to be fundamentally different from all those that have gone before it.

“But actually, when you look at war across the sweep of history, you see that wars resemble each other more than they resemble any other human activity. And when we try to take lessons from just technological development in the civilian sector, like Moore’s Law and computing power, for example. And apply it to war and assume that, hey, what this means is there’s going to be a revolution in military affairs. Next time you hear that, the revolution military affairs, you look for the exits because something bad’s about to happen.” ~ H.R. McMaster

‘https://www.policyed.org/lessons-hoover-policy-boot-camp/strategic-competence/video-0

If you only have a hammer, everything looks like a nail.
https://www.opendemocracy.net/en/25-years-failed-wars-paul-rogers-the-insecurity-trap/

Dancing on thin ice March 29, 2025 1:40 PM

@ Clive Robinson

Valid points that could be covered in more detail here to counter what the general public is hearing about what is going on. Including input from how this is viewed overseas such as by yourself.

One of the 2 articles here on what is part of the biggest group of security issues in decades had a few trolls that had never visited this blog before arguing about politics vs technical or best practices merits.
The WP change of editorial content at least let readers know they no longer followed their motto: “Democracy dies in darkness”

not important March 29, 2025 7:07 PM

The Cognitive DAO—Intelligence Without a Mind
https://www.psychologytoday.com/us/blog/the-digital-self/202503/the-cognitive-dao-intelligence-without-a-mind

=Large models perform knowing without internal awareness.
The Cognitive DAO is a prototype for post-cognitive intelligence.

Large language models don’t simulate our thinking, they demonstrate an entirely different model of knowing. They operate by assembling meaning probabilistically, drawing on latent structures without recalling anything in the traditional sense. They produce useful, even startling responses without possessing awareness or continuity.

In technical terms, a DAO (decentralized autonomous organization) operates without central leadership. It’s governed by protocols. Rules emerge through interactions between nodes in the system, not from any overarching intelligence.

The Cognitive DAO doesn’t reflect on itself—it behaves. It doesn’t remember—it reorganizes in real time. It doesn’t ask who it is—it simply acts, continuously and adaptively.

The question isn’t whether human thought still matters—it’s how it fits into a broader ecology of intelligence that is no longer built in our image. And “build in our image” has deep philosophical and religious implications that may leave us both confused and concerned.=

Clive Robinson March 30, 2025 1:11 PM

@ not important,

“In technical terms, a DAO (decentralized autonomous organization) operates without central leadership. It’s governed by protocols. Rules emerge through interactions between nodes in the system, not from any overarching intelligence.”

In short to put in a way most have seen at some point, it functions like “Conway’s Game of Life”.

But not only no intelligence, no reason, and importantly no agency to gain awareness and environmental context.

Which brings us to,

“They operate by assembling meaning probabilistically, drawing on latent structures without recalling anything in the traditional sense. They produce useful, even startling responses without possessing awareness or continuity.”

They are in effect “a filter” that forms a response curve based on probability that is adaptive.

As I’ve previously indicated, the equivalent of a “DSP Adaptive filter”. The only “memory” in the system is the “filter weights” based on the multidimensional spectra that result from the tokenisation vectors.

In effect the filter is a “one way function”, kind of like a “Galton board” or “pin board” that produces a spectral curve that generally demonstrates a “normal distribution” but,

“Boards can be constructed for other distributions by changing the shape of the pins or biasing them towards one direction, and even bimodal boards are possible.”

https://en.m.wikipedia.org/wiki/Galton_board

Thus you “change the weight” at each node…

Is this “knowing”? Because it’s certainly not “articulable information”. Arguably it’s not even an “engine” and it lacks recursion so it’s not a Turing engine. Likewise LLMs do not have “recursion”.

But a Galton board can be given recursion “in theory” by making it like a “pin ball machine”… But it still will not be able to tell you what the “weights” encode for.
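The weighted “pin board” described in the comment above, as an added example that is not Clive’s code: each pin gets its own probability of deflecting the ball to the right (the board’s only “memory”, standing in for the filter weights), and changing those per-node weights turns the familiar normal-looking curve into a bimodal one, while the finished histogram alone does not tell you which weights produced it. The function and weight-scheme names are assumptions chosen for this example.

```python
import random
from typing import Callable, List

# Added example, not code from the original comment. A weighted Galton board in
# which each pin has its own probability of deflecting the ball to the right.
# The per-pin weights are the board's only memory; the output curve is what you
# can observe. Names such as galton_board, uniform_pins and outward_pins are
# hypothetical choices for this example.

WeightFn = Callable[[int, int], float]  # (row, position) -> P(deflect right)


def uniform_pins(row: int, pos: int) -> float:
    """Classic board: every pin is a fair coin, giving a normal-looking curve."""
    return 0.5


def outward_pins(row: int, pos: int, strength: float = 0.9) -> float:
    """Biased board: pins left of centre push left, pins right of centre push right.

    Balls drift towards the edges, so the output curve becomes bimodal, which
    is the "biasing them towards one direction" case quoted from Wikipedia.
    """
    offset = pos - row / 2.0  # distance from the centre line at this row
    if offset < 0:
        return 1.0 - strength
    if offset > 0:
        return strength
    return 0.5


def galton_board(rows: int, balls: int, weight: WeightFn, seed: int = 1) -> List[int]:
    """Drop `balls` balls through `rows` rows of pins and return the bin counts.

    A ball's position is the number of right deflections so far, so after
    `rows` rows it lands in one of rows+1 bins. The pin at (row, pos) deflects
    the ball right with probability weight(row, pos). The seed is fixed so a
    run is reproducible.
    """
    rng = random.Random(seed)
    counts = [0] * (rows + 1)
    for _ in range(balls):
        pos = 0
        for row in range(rows):
            if rng.random() < weight(row, pos):
                pos += 1
        counts[pos] += 1
    return counts


def mode_bin(counts: List[int]) -> int:
    """Index of the most populated bin (the peak of the response curve)."""
    return max(range(len(counts)), key=counts.__getitem__)


def is_bimodal(counts: List[int]) -> bool:
    """True when both outer bins hold more balls than the centre bin."""
    centre = len(counts) // 2
    return counts[0] > counts[centre] and counts[-1] > counts[centre]


def ascii_histogram(counts: List[int], width: int = 40) -> str:
    """Render the bin counts as a simple text histogram."""
    peak = max(counts)
    return "\n".join(
        f"{i:2d} | {'#' * (c * width // peak)} {c}" for i, c in enumerate(counts)
    )


if __name__ == "__main__":
    rows, balls = 12, 20_000
    print("uniform pins (normal-looking curve):")
    print(ascii_histogram(galton_board(rows, balls, uniform_pins)))
    print("\noutward-biased pins (bimodal curve):")
    print(ascii_histogram(galton_board(rows, balls, outward_pins)))
```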

lurker March 30, 2025 1:33 PM

@ not important

The article is so much like:

“The true DAO cannot be defined in words. […] The DAO which can be seen is not the true DAO.” Zhuangzi, II.7

not important March 30, 2025 5:36 PM

https://www.bbc.com/future/article/20250328-why-norway-is-restoring-its-cold-war-military-bunkers

=Tourists in their hundreds of thousands visit northern Norway each year. But there is a secret world they never see. For hidden away in mountain caverns are jet fighters and nuclear submarines.

Norway is a land with many bunkers. At the peak of the Cold War, the sparsely populated, mountainous country had around 3,000 underground facilities where its armed forces and allies could hide and make life difficult for any invader. Dating back to when the Scandinavian country was part of Hitler’s Atlantic Wall during World War Two and even earlier, their existence was barely known to the Norwegian public.

Instead of placing tyres on wings or constructing hangars out of wire mesh, as the Russians have done in Ukraine, the drone threat can be limited by dispersing targets to many different locations, or, even better, by keeping the aircraft safe in hardened shelters – the hardest of which is a mountain.

The Norwegians aren’t the only ones reactivating Cold War bases. The Russians have also in recent years reactivated around 50 Cold War bases of varying kinds across the Arctic. The Swedish navy has returned to its underground naval base on Muskö island, about 25 miles (40km) from Stockholm.

Other countries have gone further than simply reactivating bunkers built decades before; they are building new underground structures. China has built a massive new underground submarine base on Hainan Island in the contested South China Sea. It is also building a vast new underground command centre near the capital, Beijing. Iran has built its own underground naval base in the Persian Gulf and showed off its “underground missile city.”=

ResearcherZero March 31, 2025 1:02 AM

@Clive Robinson, ALL

This is the kind of thing that normally takes place in Russia. As with the poor decision making demonstrated by Pete Hegseth and Michael Waltz, it points to an increasingly politicised and ideologically-driven intelligence and military leadership. Traditionally, what separated the Russian military and intelligence apparatus from the U.S. was that the U.S. had a professional military and intelligence service, whereas the Russian version is essentially political in its organisation and values.

Because the Russian military was busy pleasing the boss, it led to hundreds of thousands of its troops being killed following the decision by Putin to invade Ukraine. This is the kind of thing that eventually turns a highly professional force into an ineffective one that is headed for catastrophic failure. If the executive branch only hears what it wants to hear, purges personnel it considers disloyal and out of step with its ideological values, and accordingly dismisses all other forms of information due to cognitive bias, it is sure to lead to tragic mistakes through a tendency to dismiss warnings and concerns.

Or defeat and loss, to put it simply. All the warning signs are present.

‘https://www.justsecurity.org/109299/intelligence-us-realignment-russia/

ResearcherZero March 31, 2025 5:33 AM

CISA has released an analysis of a backdoor which exploited CVE-2025-0282 in Ivanti Connect Secure devices and allowed malicious components to be copied to the Ivanti boot disk.

‘https://gbhackers.com/cisa-warns-of-resurge-malware-exploiting-ivanti-connect-secure/

Previous analysis by Google’s researchers states that the deployed tools allowed for the altering of logs and file integrity to provide the appearance of a successful upgrade.
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day

Dragos released a report on a separate intrusion by Volt Typhoon of a public utility.

‘https://www.dragos.com/wp-content/uploads/2025/03/Dragos_Littleton_Electric_Water_CaseStudy.pdf

Clive Robinson April 1, 2025 4:13 PM

@ Bruce, ALL,

LLM extinction by CapEx…

Here in the UK, outside of politicians and one or two others with questionable cognitive bias, we tend to take a different view on current AI LLM and ML systems.

In fact here the Hype Bubble appears to have started deflating rather than blowing out like “a shoddy tire on the freeway”.

For example this non-puff piece from a well known trade media outlet,

https://www.theregister.com/2025/03/31/llm_providers_extinction/

“LLM providers on the cusp of an ‘extinction’ phase as capex realities bite”

“Gartner says the market for large language model (LLM) providers is on the cusp of an extinction phase as it grapples with the capital-intensive costs of building products in a competitive market.”

They also think it will be more of a slow demise rather than rapid cull.

Personally I think it’s going to roll up backward. Currently there is a lot of silicon from NVidia burning up fossil fuels at ever increasing prices. The thing is it’s doubtful that any paid income –rather than investment– is enough to keep the lights on let alone the servers creating enough heat to keep thousands of homes warm…

Worse LLMs are clearly not scaling currently so throwing NVidia chips at the issue is showing less and less actual returns let alone bankable ones. Then there is the crap input data the GIGO principle appears to hold and the good data is long ago in the DNN, what is going in now is at best questionable from human generation. Then there is the issue of AI Generated Garbage Input.

The net result is it “flattens the curve” by significantly “broadening the skirt” for what is basically a statistical model with a bit of random thrown in… None of that flattening is good news, it just makes garbage out more probable and so it goes back in flattening the curve even more…

If the current AI LLM is to survive, it needs not just high quality input, it needs a better way to generate the curve. Which means the current ML systems are not just not up to the job, they need replacing with something several orders of magnitude better.

ResearcherZero April 2, 2025 2:54 AM

@Clive Robinson, ALL

The US tech sector will get whacked with retaliatory tariffs, then due to all the cuts will suffer a huge impact as skills and experience are lost from the input stream of qualified researchers, scientists and students with the necessary skills to fill the vacancies. The entire foundation that America’s research and development apparatus was built on, is being disassembled. How the administration hopes to build advanced production without these crucial elements, in a short period of time, is purely an area of delirious rumination.

China has already demonstrated it can outpace US advances, prior to the US handicapping itself and turning on its traditional allies and partners, who once cooperated on research and development projects. The US will learn the hard way AI won’t solve their problems. It will not fill the void of all the positions it has cut, nor repair the damage to capability and the damage to trust caused by careless and reckless decisions.

Now other nations will begin to look elsewhere for those partnerships and trade agreements.
Skilled professionals and researchers will also look elsewhere for positions. Students likewise will look elsewhere for opportunities. Australia chose to sell Over The Horizon Radar technology to Canada and other nations are looking to sell their tech elsewhere too.

ResearcherZero April 2, 2025 3:56 AM

Another round of espionage related network intrusions might be about to kick off.

‘https://www.greynoise.io/blog/surge-palo-alto-networks-scanner-activity

Similar probing in 2024 led to the compromise of VPN, firewall and other security devices.
https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/

A campaign has been targeting vulnerable services in Latin America and the APAC region.

‘https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html

Clive Robinson April 2, 2025 8:14 AM

@ ResearcherZero, ALL,

A three shell con game

With regards,

“How the administration hopes to build advanced production without these crucial elements, in a short period of time, is purely an area of delirious rumination.”

The answer is simple “follow China’s lead” but to a different tune.

We are seeing this happening with what is left of the US CHIPS Act.

The trumper has belched out that all the foreign companies that want a sniff at any money must first pony up the cost of bringing their manufacturing and qualified and specialist personnel to the US.

Then they might be allowed a taste on a trickle by trickle basis.

What will actually happen is that those foreign companies will be required to bring US Citizen Personnel “up to not just speed but muster” thus the foreign companies have to hand over all their “trade secrets”…

Then the Trumper will make use of the War Act or similar to take the factories off of the foreign companies and their investors and deport all of them before they can start legal action etc.

If I was managing any foreign company I’d stay well away and sack any of their non native personnel and ask the government to deport them, and put a 1000% pre-pay export tax on anything destined for the US.

The thing is the US consumes inefficiently around half the world’s resources… And apparently can not survive without them.

The thing is other nations do not have to supply the US with “raw materials” or component parts. Without which the Trumper’s plans just won’t work.

It’s why he’s talking about invading Canada and certain European nation islands. Because they are sitting on “raw resources”, “manufacturing plant”, and have “skilled in those areas personnel”…

It’s what “White Russians” have done since the time of Christ, and Communist China are also doing the same though less obviously by slow take over than by brutish force.

And some others in South America are seeing things that way…

The thing is aside from China none of these politician/authoritarian led countries appear to understand that what you dig out of the ground needs to be turned into skills for the whole nation otherwise you will quickly become impoverished beyond belief.

For those that doubt this, have a look at a bit of European history. The North tended to reinvest in various ways, the south basically squandered any “new world wealth” they got their hands on. The Spanish did actually become genetic medical imbeciles in their ruling classes by “in breeding” whilst this happened until into the early 1900’s –Victoria’s Children– in the North of Europe the monarchy etc had become effectively ineffectual puppets so the damage they could do was actually reduced in most, but sadly not all cases.

Do not be surprised if you hear that the US 1% of the 1% also develop a steadily more closed “stud book” breeding pattern to “keep the wealth and power” in the family. To be honest some of the US long term politicians already exhibit signs you would expect of inbreeding (have a look at how “village idiots” come about).

Who? April 2, 2025 12:07 PM

@ Clive Robinson (Re: UK’s first permanent facial recognition cameras)

I would say it is time for an open source project to map all known cameras at London, so a “shadow map” can be built.

It is sad what is happening to that beautiful city, that now looks more like an Orwellian China’s surveillance nightmare.

Thanks for the info!

ResearcherZero April 2, 2025 11:47 PM

@Clive Robinson

DOGE fired employees who review AI systems. It also cut teams who review medical device safety and security, then later attempted to rehire them. People working in the area have said that with the reduced resources due to cuts, they are already struggling to complete reviews. Some 3,500 employees are on the chopping block at the FDA, but they don’t yet know who they are.

Former senior national security figures have commented they are concerned about US capability and that is not keeping up with the pace of China’s network intrusions.

“I don’t want something that’s going to disrupt that. I don’t want something that calls into question whether or not this is a good place to work. These are all elements of being able to keep really good talent.

“…I think that this is the challenge any time that you have networks that are being provided a certain amount of privilege by different users. You’re going to have our adversaries look for ways upon which they can draft in behind them. I think this is a great concern. I’ve heard a lot about it and I’m not privy to the details in terms of how it was done, but just the description certainly gives me pause.”

‘https://therecord.media/nakasone-interview-china-ai-deepseek-doge

The hiring of FDA device reviewers is largely financed through an ongoing five-year agreement between the FDA and medical device companies.
https://www.medtechdive.com/news/fda-cdrh-cuts-device-industry-impact/740528/

It is unknown how many laid off employees are involved in medical device cybersecurity.
https://www.nytimes.com/2025/02/21/health/fda-trump-layoffs-device-and-food-safety.html

ResearcherZero April 3, 2025 12:14 AM

@Clive Robinson

On top of those concerns, programs that assist manufacturers and other companies are being cut, along with institutes and other organisations that carry out research into various fields. The Wilson Center was recently gutted, USIP was seized and the staff fired, many other departments and agencies that might have looked at implications of decisions and policy have been neutered or cut to the bone. Not to mention the investigatory bodies.

This reduces the ability to actually look at what is taking place, investigate what has happened, detect events and intrusions that were missed and figure out how to respond. You cannot plan a well formulated strategy of response, without knowing all the facts.

Establishing accurate indicators can be a difficult task without the resources in place. Attribution is extremely difficult without multiple points and parties to assess an event.

It is preferable to find out when the lights go out – that you can get them back on. Or know just how far an adversary has penetrated and figure out how every step took place.
It is also important to note that America cannot do this alone – it needs other eyes.

PR can’t spin every failure. Eventually people begin to become frustrated.

But anyway, this is interesting…

Verizon API allowed discovery of customer incoming call history and some outgoing history.

‘https://evanconnelly.github.io/post/hacking-call-records/

@ALL

Warnings about a new chained exploit against Cisco SLU.

‘https://isc.sans.edu/diary/rss/31782

A static password can be used to access licensing data in Cisco Smart Licensing Utility
https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html

Australian Wayfarer April 3, 2025 3:24 AM

Here is a story Bruce Schneier will appreciate, I suspect.
And a hello to Clive, hope you’re travelling well soldier, I think you’ll enjoy this also.

Australian Mint releases coin to acknowledge Signals Corp with ‘secret’ messages on the coin

https://www.abc.net.au/news/2025-04-03/mint-1-dollar-coin-coded-secret-message-corps-signals-centenary/105129128

Look for the link toward the end of the article referring to the coin previously issued by the Australian Mint that has 5 layers of cipher on its surface – and the teenager who broke it.

Clive Robinson April 3, 2025 8:18 AM

@ Who?, ALL,

With regards your thought,

“I would say it is time for an open source project to map all known cameras at London, so a “shadow map” can be build.”

Whilst London might have the most cameras there are many other places that need this sort of thing.

There kind of is a map system of “cameras” already in London that show motorists where those “speed cameras” are.

There is no reason I can see technically why that system could not be extended / broadened out for all sorts of other cameras.

That said, the system does not appear to have reduced the number of people getting fined by speed cameras.

Which suggests,

1, There are “fixed cameras” missing from the data.
2, There are a lot more “temporary or mobile cameras” than there were.
3, Motorists are not consulting the map data for some reason.
4, Some people don’t care about the cameras for some reason.

I suspect that (1) newly installed cameras take time to get in the data.

But also that the temporary/mobile cameras (2) should be added, because there is only a limited number of places they can legally be put. Thus “grey zones” would be helpful to both sides of an honest debate about “reducing speed” on the roads.

But aside from being unaware (3) of the map existence I’m unsure as to why people would not be interested. Even if they are a model driver, the map will change the driving behaviour of some drivers in those areas in a non obvious manner. As someone who used to cycle a lot, that information would have been a life saver.

That said I did use to know people who (4) did not care about speed cameras as back then you could buy-then-sell a car in short order as a Dealer/Trader and not have to “re-register the vehicle”… so in the short period they had the vehicle what fines etc they accrued would go to someone else so “not their problem”. This obviously became sufficient of a problem that they changed the way a vehicle’s “title” of ownership was transferred to close this loophole.

I suspect these two very human issues (3&4) will carry on, even with facial recognition cameras that do “Arrest on Sight” and similar.

Some people never learn, or want to learn and think things do not apply to them for some reason…

Clive Robinson April 3, 2025 9:02 AM

@ ResearcherZero, ALL,

With regards,

“It is unknown how many laid off employees are involved in medical device cybersecurity.”

There are actually so few that just laying off one or two would be effectively devastating.

There are four types of medical electronics and three broadly overlap,

1, Fixed installation (X-Ray, NMRI etc), these are all mains powered.
2, Trolley based equipment that is mains and sometimes battery powered.
3, Portable mostly battery powered equipment often using short life rechargeables.
4, Implanted electronics using very specialised batteries that are not rechargeable and don’t corrode or swell with use and most importantly don’t leak.

All have the added disadvantage that you can not change them in any way, as this would require the units to be “fully recertified”, and as we know from Boeing being in the news fairly frequently, “self recertification” is a complete non-starter, especially for “software”.

The problems with Cybersecurity are manifold, not least due to the time it takes to design and certify equipment, during which some new instances of vulnerabilities have appeared or been turned into exploits… Then there are all those unknown unknowns that will be found and exploited during the equipment’s 20-50 year life time.

But “security” day to day,

“Is all about the Math!”

And most of that math is CPU cycle intensive (even shift registers and XOR in “stream ciphers” “click the wheels”). CPU cycle intensive means speed and power. The fact is power usage goes up nonlinearly with speed of operation: the faster you go the greater the losses due to capacitance effects, that in turn means more heat is generated, which needs more current, which generates even more heat… And a few things more on top. Then long life batteries generally have a very high internal series resistance, which means as current goes up voltage goes down and more current is needed to clock the logic.

So designs have to be thoughtfully made.

Anyone see the film Apollo 13 where they are trying to optimise the battery use so they can bring the capsule “back to life”? Well imagine having to do that for every communications function in a pacemaker or similar that a human life is going to depend upon… It takes a certain fairly rare mindset to be able to do that and not go incandescent with burnout in a short period of time.

I actually know an engineer who changed career to becoming a fully qualified doctor, as he realised it would be less stressful, and he says it is… But that has not stopped him having to have multiple bypass surgery…

Clive Robinson April 3, 2025 10:02 AM

@ Australian Wayfarer,

I’ll not make my usual flippant “coining it” or “minting it” jokes.

But I will note “the signallers” go back a lot further than a Century.

Aside from message flags and letter semaphore there was Aldis lamp Morse code and telescopes. Also look up the “Field Auxiliary Nursing Yeomanry”(FANY) as they were called when I first knew them. Their more than century old independent assistance to the army as Medics, Intelligence and Communications still goes on today,

https://en.m.wikipedia.org/wiki/First_Aid_Nursing_Yeomanry

But also consider there are early pictures of the Military Cartographers “surveying India” and other places, what is not mentioned but can be seen in the equipment that they were probably also sending back intelligence and the like…

The “Royal Signals” actually did not start until quite late in the history of battlefield communications, with field telephones and eavesdropping on them with “ground loop” pickups well established in the “Great War” but kept very secret (until Churchill blew the gaff).

So in the UK 29th Feb 2020 was the Royal Signals centenary. They were formed after most of those who were signallers during WW1 had returned to civvy street, and the senior brass finally realised that as important, if not more so at times, than “bullets and bandages” was information sent by fast, reliable and secure communications. Though not much is said, WWII was a technological war and communications was the hub of all things happening.

I’ve been told off by some of my nearest and dearest because I won’t pick up the medals I’m entitled to.

Whilst I did not hang around long enough for a “long service”(and not getting caught) medal there are the “I was just leaning on my rifle over there” campaign medals that I could collect but… Truthfully the only heroic things I ever did in green were keeping my temper and off the battlefield saving people who had had accidents for which they don’t hand out military medals as bullets are not buzzing around etc.

I actually know people who abseiled un-armed out of helicopters under heavy fire to give life saving surgery in a hole in the ground and behind sandbags and similar places. I would be embarrassed to stand next to them with ribbons on my chest.

Look at it this way “I got myself home alive” with a little help from others. Where as “They got home alive many who would not otherwise have done so” often without help or much in the way of support. They came home and quietly went back into their “day jobs” in hospitals all up and down the country for long hours and worse treatment from the politicians…

So who deserves a medal? Not me me’thinks.

ResearcherZero April 3, 2025 9:09 PM

@Clive Robinson, ALL

China was using sonic techniques and various light and flag signals. To organize their units in battle they used drums and other instruments to communicate, or flags and fire over longer distance to send messages. They employed ciphers very early on and used many other techniques to hide messages within objects and use covert transport methods.

Chinese military units also used bells, whistles and other instruments in combination with the drums, so that maneuvers and battles must have had a dramatic flair and rhythm. Quite an effective morale booster one would imagine it to be, as well as serving tactically.

The West is pretty far behind in recognizing how important reliable information is. Also as Clive pointed out, the support structures such as the medical support.

Support services are often referred to as “cannon fodder” which is a degrading term for the teams that actually deserve the medals for routinely saving lives and preventing injury. And the weather service, so you don’t get bogged or the mess hall flooded. No one wants the latrines floating through the sleeping quarters or the rations.

Without the medics and other services, anyone on – or involved in the combat services – is pretty much ducked without essential support. It is critical to maintain the transport, place a bridge across an obstacle, or communicate securely that such assistance is required (in a prompt fashion), or all other services begin to collapse without that support.

UNC5221 continues to target zero days in edge devices for espionage. In 2024, UNC5221 modified Ivanti’s built-in Integrity Checker to always display no findings, after it exploited vulnerabilities that had been considered a low priority to gain access.

Again they are exploiting yet another “low-risk” bug to get unauthorized RCE.

‘https://www.theregister.com/2025/04/03/suspected_chines_snoops_hijacked_buggy/
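The Ivanti point above, that an on-box integrity checker was edited to always report no findings, is the general lesson that a checker living on the appliance it checks is itself part of the attack surface. The following is an added example, not Ivanti’s code and not a reconstruction of what UNC5221 actually changed; the file names, contents and the “subverted checker” behaviour are constructed for the demonstration. It shows the practitioner’s control: hash the image (including the checker) from a system the attacker does not control and compare against a manifest taken at a known-good point and stored off-box.

```python
"""Out-of-band file integrity check (added example, constructed data).

Models the generic lesson behind the Ivanti report: a checker that runs on the
compromised appliance can be edited to say "clean", so the reference hashes and
the comparison must be produced and run from a host the attacker does not own.
Nothing here is Ivanti's tooling; file names and contents are made up.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Hash every regular file under root, keyed by POSIX-style relative path.

    In practice this runs at a known-good point (fresh install, vendor image) and
    the result is exported and kept off the appliance.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, trusted_manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the live tree against the trusted manifest from a clean host.

    Reports modified files (hash mismatch), missing files (in manifest, not on
    disk) and unexpected files (on disk, not in manifest), e.g. a planted webshell.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in trusted_manifest
                           if k in current and current[k] != trusted_manifest[k]),
        "missing": sorted(k for k in trusted_manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in trusted_manifest),
    }


def subverted_onbox_checker(_root: Path, _manifest: dict[str, str]) -> dict[str, list[str]]:
    """What a tampered on-box checker does: ignore its inputs and report clean."""
    return {"modified": [], "missing": [], "unexpected": []}


def demo() -> dict[str, dict[str, list[str]]]:
    """Build a toy appliance tree, snapshot it, tamper with it, check both ways."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "lib").mkdir()
        # Constructed sample files: a shell-script "integrity checker" and a library.
        (root / "bin" / "ict.sh").write_text("#!/bin/sh\nsha256sum -c /etc/manifest\n")
        (root / "lib" / "auth.so").write_bytes(b"\x7fELF-constructed-sample-0001")

        trusted = build_manifest(root)  # exported off-box at this known-good point

        # Simulated intrusion: backdoor the library, neuter the checker, plant a shell.
        (root / "lib" / "auth.so").write_bytes(b"\x7fELF-constructed-sample-0001-backdoor")
        (root / "bin" / "ict.sh").write_text("#!/bin/sh\necho 'no findings'\n")
        (root / "bin" / "shell.cgi").write_text("#!/bin/sh\n# constructed webshell stand-in\n")

        return {
            "onbox": subverted_onbox_checker(root, trusted),  # says clean
            "offbox": verify(root, trusted),                  # catches all three changes
        }


if __name__ == "__main__":
    for source, findings in demo().items():
        print(source, findings)
```

The point of including the checker script itself in the manifest is that its modification shows up as a finding; the on-box result is only trustworthy if the off-box result agrees with it. For a real appliance the manifest should come from the vendor image or a pre-deployment snapshot, not from the running box after the fact.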

ResearcherZero April 3, 2025 9:27 PM

@Clive Robinson

It takes a certain fairly rare mindset to be able to do that and not go incandescent with burnout in a short period of time.

That is why probationary employees are important, so that you can get the younger staff to do repetitive tasks that require concentration and also talent. It is often the younger minds who are enthusiastic to tackle math and other problems. Quite often it was the younger people in the intelligence fields who were solving problems or knew the latest about what was taking place, whereas some of the older folk were busy with administrative tasks and dealing with the bureaucracy and the “politics” … [begins ranting]

The talent is important. The young, sharp minds – vs the old farts, who granted have all the experience, maintain a calm and disciplined environment and can answer questions, but complacency is dangerous. It is the younger folks who pick up things others might miss.

Plus you can get them to do all the boring crap. Supervised of course. 😉

Clive Robinson April 4, 2025 8:29 AM

@ ResearcherZero, ALL,

With regards,

“The young, sharp minds – vs the old farts, who granted have all the experience…”

As an old fart that has “brought on probationers” and “on ramp hires” a little song springs to mind 😉

So to misquote Huey Lewis’s words of “Stuck With You” from the mid 1980’s

Yes, it’s true (yes, it’s true)
I am happy to be stuck with you
Yes, it’s true (yes, it’s true)
I’m so happy to be mentoring you
Cause I can see (I can see)
That you’re happy to be learning from me

We are bound like all the rest
Like the same phone number
All the same colleagues
All at the same address

ResearcherZero April 9, 2025 4:39 AM

@Clive Robinson

It appears we have an answer what happens when you get rid of all the “old-farts” and axe multiple programs and positions from the most important government departments – along with the agencies and institutions that provide the support underpinning government services at whim – without any prior planning and analysis or consideration for the consequences. 🤕

When departments and contractors were asked what systems or contracts were “mission critical”, they were informed they should describe it in terms so that, “A 15-year-old should be able to understand what service you provide and why it is important.” When asked what happens when capabilities and expertise disappear, the White House has no answers.

‘https://www.nytimes.com/2025/04/08/us/politics/trump-tariffs-global-trade-war.html

Disaster response teams unable to deploy because the response systems have been dismantled.
https://www.justsecurity.org/110009/us-absence-myanmar-earthquake-response/

The FEMA recovery program to help communities prepare and respond to disasters has been cut.
https://carnegieendowment.org/emissary/2025/03/fema-disaster-recovery-budget-cuts-state-impact

The people who normally respond to disasters and crisis are gone. 🤔
https://www.theatlantic.com/politics/archive/2025/02/trump-federal-bureaucracy-dismantling/681552/

Thousands of datasets and websites have been removed.
https://abcnews.go.com/538/matters-trump-deleting-government-data/story?id=119003153

ResearcherZero April 9, 2025 5:23 AM

@Clive

Instead of attempting to solve the calamity they have created they are now feuding.
Not the smartest move after wiping 20% from the S&P and God knows what else.

I have a vague memory of Republicans saying ‘this is insane’ around 5 years ago, and I saw some pretty weird things when Bill Casey and Ronald Reagan were authorizing ‘things’.

The good thing about no-one knowing about a balls-up is at least you can pretend like it never happened. Now in the present this stuff affects everyone else as well. Things got gnarly at times back then, but some of it could at least be contained. You cannot stage manage massive cock-ups when they are conducted both internally – and externally against the entire world. Global blow-back is not something that can be hidden from.
