Friday Squid Blogging: Gonate Squid Video
This is the first ever video of the Antarctic Gonate Squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
lurker • June 21, 2025 3:01 PM
@Clive Robinson, ALL
So Samsung has joined the club, what took them so long?
Ever since Huawei got kicked out of the Google shakedown, they have operated a “Huawei Cloud” offering storage and email, and a “Huawei App-market”, because users demanded it. I have not found any reports linking this with any obligation Huawei may or may not have to the PRC govt. This Cloud and Appstore are now available to users of the peeled off brand “Honor”.
We all know about Google, even resorting to bribery now, e.g., a new Lenovo tablet set up with minimal PII inputs, and liberal use of the “Skip” button, now whenever it goes online pops up a full screen panel:
“Finish setting up your device and enjoy all these whizz-bang games!”
I’m in the market for a new phone, and a little voice has been nagging me, “Not Samsung.” Now I know why, they’re in the snakepit.
not important • June 21, 2025 5:01 PM
@Clive – do you know whether Samsung installed similar surveillance technology (microphones and cameras) on their other products: smart TVs, tablets which are sold in the US and other Western countries and activated/accessed without the knowledge of the consumer by known culprits?
not important • June 21, 2025 5:09 PM
https://www.yahoo.com/news/why-ai-halllucinating-more-frequently-110000867.html
=However, AI hallucinations present a problem when it comes to delivering accurate and correct information, especially if users take the information at face value without any checks or oversight.
“This is especially problematic in domains where decisions depend on factual precision, like medicine, law or finance,” Watson said. “While more advanced models may reduce the frequency of obvious factual mistakes, the issue persists in more subtle forms. Over time, confabulation erodes the perception of AI systems as trustworthy instruments and can produce material harms when unverified content is acted upon.”
And this problem looks to be exacerbated as AI advances. “As model capabilities improve, errors often become less overt but more difficult to detect,” Watson noted. “Fabricated content is increasingly embedded within plausible narratives and coherent reasoning chains. This introduces a particular risk: users may be unaware that errors are present and may treat outputs as definitive when they are not. The problem shifts from filtering out crude errors to identifying subtle distortions that may only reveal themselves under close scrutiny.”
The situation is further complicated because it can be very difficult to ascertain how LLMs come up with their answers; a parallel could be drawn here with how we still don’t really know, comprehensively, how a human brain works.
the CEO of AI company Anthropic, highlighted a lack of understanding in how AIs come up with answers and information. “When a generative AI system does something, like summarize a financial document, we have no idea, at a specific or precise level, why it makes the choices it does — why it chooses certain words over others, or why it occasionally makes a mistake despite usually being accurate,” he wrote.
“Another approach involves introducing structure into the model’s reasoning. By prompting it to check its own outputs, compare different perspectives, or follow logical steps, scaffolded reasoning frameworks reduce the risk of unconstrained speculation and improve consistency,” Watson, noting this could be aided by training to shape a model to prioritize accuracy, and reinforcement training from human or AI evaluators to encourage an LLM to deliver more disciplined, grounded responses.
“Finally, systems can be designed to recognize their own uncertainty. Rather than defaulting to confident answers, models can be taught to flag when they’re unsure or to defer to human judgment when appropriate,” Watson added. “While these strategies don’t eliminate the risk of confabulation entirely, they offer a practical path forward to make AI outputs more reliable.”
ultimately the information that LLMs produce will need to be treated with the “same skepticism we reserve for human counterparts.”=
Clive Robinson • June 21, 2025 5:58 PM
@ lurker, not important, ALL,
With regards,
“So Samsung has joined the club, what took them so long?”
Honestly I don’t know, but I can make some guesses.
For instance does Samsung know it’s very probably an Israeli Operation?
Rather than say a US Operation…
We’ve known for years every mobile device manufacturer will “touch their toes” to protect their market share. Just look up the history of “Research In Motion” (RIM) selling out everyone other than certain “corporate clients” to “National Governments” like the UK via the Met Police, Pakistan, Saudi Arabia, and several more.
Then there was the nonsense with “Carrier IQ” with by far the majority of mobile phones sold in the US “under contract” to AT&T, T-Mobile, etc, etc.
The way these spying apps and OS additions are most often caught out is via the “network traffic” they create. It gets seen and then tracked back.
Thus the question arises as to if such spyware is going to be found, if it’s installed but,
“Not doing an ET phone home”
To the mothership?
This is an important question now “client side scanning” is a fairly solid thing.
Because client side scanning can use the same idea as “Number Stations” that use the “General Broadcast Model” to do “one way communications” with the “user device spyware”.
I would assume that if someone with a moderate knowledge of history can apply it to modern devices then so can many others, thus the probability of it having been done, or being in the process of being done, is high.
lurker • June 21, 2025 8:39 PM
@Clive Robinson, ALL
Maybe previously handset makers could choose to install IronSource, and sell the data to the highest bidder. Now it has an American front, their arms are twisted to install it, and they are compelled to give the data to Uncle Sam, who will dribble chosen bits to the friend of the day …
Clive Robinson • June 22, 2025 5:50 AM
@ lurker, ALL,
With regards,
“Maybe previously handset makers could choose to install IronSource, and sell the data to the highest bidder.”
You really need to look up the CarrierIQ scandal and what led up to it,
https://www.engadget.com/2011-12-01-carrier-iq-what-it-is-what-it-isnt-and-what-you-need-to.html
It all started to break publicly on November 12, 2011, when smart phone researcher Trevor Eckhart posted to androidsecuritytest.com what appeared an outlandish and crazy post. He said that some unknown company Carrier IQ was logging smart phone users information such as key strokes, their location and more. All without the users being notified or giving them the chance to decline to be spied upon.
Apparently it affected about 150 million phones, which when you consider back then the US population was ~300 million was a significant number…
It was in all probability violating US federal law, and unsurprisingly several cases started. That if successful would have wiped out Carrier IQ and crippled most major US Telco operators that supplied mobile services that included IP connectivity to user Smart Devices.
But also it would result in things coming out that the US Gov at the highest levels would not wish to see made public. So realising what would happen if the cases were allowed to go to court, those that “sit on the hill” passed legislation to not only make it legal but retrospectively so…
https://www.theregister.com/2025/03/15/rip_mark_klein/
Think on that for a while and it will probably answer,
“Now it has an American front, their arms are twisted to install it, and they are compelled to give the data to Uncle Sam, who will dribble chosen bits to the friend of the day”
But consider why it actually started …
There is a neocon mantra about “leaving money on the table/floor” which under pressure of other US legislation requires US Companies to “maximise shareholder value”.
Thus every use of company money has to show a return to shareholders at a significant multiple.
Back in 2011 it was argued that the Carrier IQ software was installed for “tech-support” reasons, that on simple analysis could never have shown the required returns to shareholders…
So you have to ask,
“What would show returns?”
Well not having the company destroyed by the US Gov for not behaving illegally upon request from US Gov Agencies is one such reason (look up Qwest’s demise after its CEO Joseph Nacchio refused to play along to the Bush “request”).
Another is to “sell the data” to “third parties”.
Thus it’s reasonable to assume that all Smart Devices sold into the US have such spy-ware installed as standard, and that includes your fridge and microwave and other “household electronics”…
Dancing on thin ice • June 22, 2025 1:02 PM
@ World
This site avoids politics.
(Possibly too much by not covering security issues and best practices they’ve warned about in the past that the current administration constantly ignores).
Many American citizens disagree with those in government that have fired security experts for giving assessments they don’t like. Other nations may be reluctant to share information to make informed decisions if recent events escalate.
Clive Robinson • June 22, 2025 3:35 PM
Is AI the Stack exchange replacement, but worse?
As some may remember I’ve a poor view on “cut-n-paste programmers” that take code examples from Internet sites.
The reason is the “code examples” are usually “bad” in that they have been so simplified they are not suitable for any kind of code that is going to be used by (ab)users and paying customers.
In order to make the code snippets clear a lot is left out such as the issues of handling the likes of,
1.1, Errors
1.2, Exceptions
1.3, Push to the left input validation
1.4, Push to the right Business logic
Thus most “code on the Internet” suffers from two or more from the above list, which makes it “unsuitable for production code”
Especially in any environment where,
2.1, Usability
2.2, Functionality
2.3, Stability
2.4, Reliability
2.5, Availability
2.6, Safety
2.7, Security
Are basic requirements.
Which brings up the issue of Microsoft CoPilot…
Where does it get its very sub-par training data?
From the Internet with all those over simplified and often wrong example “code snippets”…
Have a look at the comments section of,
https://www.theregister.com/2025/06/20/github_begins_enforcing_premium_request/
Some of you will have seen me say that the M$ LLM business plan is,
“Bedazzle, Beguile, Bewitch, Befriend and Betray”
And I’ve also noted in the past their “lock-in then rape pillage and plunder” That has got way way worse with XaaS Cloud services etc.
One of the comments gives the effect of combining the two M$ business plans as,
Hook ‘m, then pluck ‘m
Sucks to be a business buying into this:
1. hook ‘m on copilot
2. make them fire programmers
3. silently change the license agreement to include severe penalties when wanting to get out
4. increase copilot prices to above the level of fired programmers
5. no more steps needed, oh well, decrease quality, that is obviously a required step
6. profit!
Now “Hands up” all those that did not see that coming?
If you look back on this blog, I’ve claimed the same plan but with detectives / investigators / analysts rather than programmers being the original target of Peter Thiel’s Palantir…
But it’s actually worse than most think… Have a read of this published this past week,
Oh and if you want to know what skin is in the game in the US,
https://www.rsn.org/001/inside-the-powerful-peter-thiel-network-that-anointed-jd-vance.html
You might want to mull things over… Especially in light of the news this past weekend.
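As an added illustration of the “1.1 to 1.4” list above (this is example code written for this thread, not anything posted by the commenter or taken from a tutorial site): the same small task, parsing a `host:port` string, written first as the kind of snippet that gets cut-and-pasted, and then with the parts such snippets leave out, namely input validation at the boundary, explicit error reporting, and business logic kept separate from the validation. All inputs, the `Endpoint` type, the `EndpointError` class and the port allow-list are constructed for the demonstration.

```python
"""
Two versions of one task: the "code snippet" version and the production version.
The hardened version pushes validation to the left (the boundary) and keeps the
business logic to the right, so the logic only ever sees typed, checked data.
"""
import ipaddress
import re
from dataclasses import dataclass


# --- the "code snippet" version, as typically pasted from the Internet --------
def naive_parse_endpoint(s):
    host, port = s.split(":")
    return host, int(port)
# Raises an unhandled ValueError on "localhost" or "host:abc", and silently
# accepts "host:99999" and "host:-1", neither of which is a valid port.


# --- the production version -----------------------------------------------------
class EndpointError(ValueError):
    """Raised for any endpoint the caller is not allowed to use (constructed)."""


@dataclass(frozen=True)
class Endpoint:
    """Typed result handed to business logic; only built after validation."""
    host: str
    port: int


# RFC 1123-style hostname: labels of 1-63 chars, no leading/trailing '-', <= 253 total.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$"
)
# ASCII digits only: str.isdigit() would also accept Unicode digits, which is
# exactly the kind of subtlety the cut-and-paste snippet never handles.
_PORT_RE = re.compile(r"[0-9]{1,5}")


def validate_host(host: str) -> str:
    """Accept an IP address literal or a well-formed hostname, normalised to lower case."""
    host = host.strip().lower()
    if not host:
        raise EndpointError("empty host")
    try:
        ipaddress.ip_address(host)  # IPv4/IPv6 literal is fine as-is
        return host
    except ValueError:
        pass
    if not _HOSTNAME_RE.match(host):
        raise EndpointError(f"invalid hostname: {host!r}")
    return host


def validate_port(port_text: str) -> int:
    """Accept only 1..65535 written as plain decimal digits."""
    if not _PORT_RE.fullmatch(port_text):  # rejects "", "-1", "+80", " 80", "abc"
        raise EndpointError(f"port must be decimal digits, got {port_text!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise EndpointError(f"port out of range: {port}")
    return port


def parse_endpoint(raw: str, *, allowed_ports=frozenset({443, 8443})) -> Endpoint:
    """Boundary function: every check happens here, before any logic runs."""
    if not isinstance(raw, str):
        raise EndpointError("endpoint must be a string")
    if len(raw) > 300:
        raise EndpointError("endpoint too long")
    host_part, sep, port_part = raw.rpartition(":")
    if not sep:
        raise EndpointError("missing ':port'")
    host = validate_host(host_part)
    port = validate_port(port_part)
    if port not in allowed_ports:  # constructed allow-list for the demo
        raise EndpointError(f"port {port} not in allow-list")
    return Endpoint(host, port)


def rejects(raw: str) -> bool:
    """True if the hardened parser refuses `raw`."""
    try:
        parse_endpoint(raw)
    except EndpointError:
        return True
    return False


def connect_or_report(raw: str) -> str:
    """Business logic to the right of validation: it never sees raw strings."""
    try:
        ep = parse_endpoint(raw)
    except EndpointError as exc:
        return f"rejected: {exc}"
    return f"would connect to {ep.host}:{ep.port}"


if __name__ == "__main__":
    for sample in ("Example.COM:443", "10.0.0.5:8443", "example.com:99999",
                   "example.com:80", "-bad.example:443", "localhost"):
        print(f"{sample!r:22} -> {connect_or_report(sample)}")
```

The point is not the parser itself but where the checks live: the naive version spreads failure modes across every caller, whereas the hardened one makes every rejection an explicit `EndpointError` at the boundary, so the caller has exactly one place to handle errors and the business logic never has to defend itself.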
not important • June 22, 2025 5:20 PM
@all – avoid politics – sure, but post information related directly to security – yes. Stick to logic, not emotions, which are usually not productive with the subjects of this blog. There are many other platforms for emotions.
https://www.timesofisrael.com/how-israel-used-spies-smuggled-drones-and-ai-to-stun-and-hobble-iran/
=Guided by spies and artificial intelligence, the Israeli military unleashed a nighttime fusillade of warplanes and armed drones smuggled into Iran to quickly incapacitate many of its air defenses and missile systems. With greater freedom to fly over Iran, Israel bombarded key nuclear sites and killed top generals and scientists. By the time Iran mustered a response hours later, its ability to retaliate — already weakened by past Israeli strikes — was greatly diminished.
The Mossad and the military worked together for at least three years to lay the operational groundwork, according to a former intelligence officer who said he had knowledge of the attack. This person spoke on condition of anonymity, given the sensitivity of the subject.
Mossad agents had smuggled precision weapons into Iran that were prepositioned to strike from close range, according to two current security officials who spoke on condition of anonymity to discuss the missions. Those weapons included small, armed drones, which agents snuck into the country in vehicles, according to the former intelligence officer.
To analyze information gathered from various sources, Israel used the latest artificial intelligence, or AI, technology, said an intelligence officer involved with selecting individuals and sites to target. He said AI was used to help Israelis quickly sift through troves of data they had obtained. That effort began last October, according to the officer, who spoke on condition of anonymity because he was not authorized to talk to the media; it was one month before Netanyahu said he had ordered the attack plans.
In addition to AI, the Mossad relied on spies to identify top nuclear scientists and members of the IRGC, according to one security official. At least eight members of the Guard, including the head of its missile program, were killed in a single Israeli strike on an underground bunker.
Another facet of the attack was to strike Iranian vehicles used to transport and launch missiles.
Shine said the strategy was similar to a Ukrainian operation earlier this month in Russia.
In that operation, nearly a third of Moscow’s strategic bomber fleet was destroyed or damaged with cheaply made drones snuck into Russian territory, according to Ukrainian officials.=
Clive Robinson • June 22, 2025 5:47 PM
@ Bruce, ALL,
An interesting AI statistic, gives a thought as to how to commit a new form of crime…
The statistic is given in,
https://www.theregister.com/2025/06/22/ai_search_starves_publishers/
Titled,
“The AIpocalypse is here for web sites as search referrals plunge: Turn out the lights, the internet is over”
Based on the statistic
“A year later, enterprise AI analytics biz BrightEdge reported that Google AI Overviews had generated more search impressions (up 49 percent), but click-throughs to the actual web sites dropped 30 percent
Is that misplaced trust by the (ab)users at work, or just human laziness?
Either way as the article notes,
That means AI Overviews is leading more people to use Google Search to find answers to their queries. But those people are less likely to follow search results links that lead to the source website. Good for Google. Terrible for the ecosystem of web sites that had learned to depend on search referrals for buyers, readers, and viewers.”
But my somewhat devious mind can see ways in which these trends would be “good for criminals”.
(Having been told off in the past, I shall refrain from giving a description that would be sufficient to develop either a PoC or an actual fraud… But I suspect many who read here can think one up…).
Clive Robinson • June 22, 2025 9:43 PM
@ Bruce, ResearcherZero, ALL,
Of foxes and hen houses in Australian Age legislation.
Australia wants to place a ban on children / adolescents under 16 using social media.
Importantly though they want a system that does not use Government issued ID, or carries any risk / cost for the Government.
So they want technology to be the arbitrator of age… Which is something humans have not been able to do in the past, nor can they do in the present. Which means most likely as we are dealing with growth rates based on probability we never will and by extension neither will technology.
So far all “independent trials” come to the same conclusion that technology is worse than humans and just can not get close to being correct.
However… A UK “trade association”, that has been specifically chosen by the Australian Government is running a technology trial,
“The trial is being led by the Age Check Certification Scheme—a company based in the United Kingdom that specializes in testing and certifying identity verification systems. It includes 53 vendors that offer a range of age assurance technologies to guess people’s ages”
Unsurprisingly to what some would call skeptics / cynics[1], it is reporting that in its trial the world is rosy and it can be done using the technology its members supply…
Which is very convenient for both the trade association members who stand to profit greatly and the Australian Government who can thus “arms length” the issue at no cost or risk to themselves…
As is sometimes remarked,
“How convenient, nothing to see here move along.”
https://phys.org/news/2025-06-technology-teen-social-media-effective.html
[1] In the interests of full disclosure, I have been called worse than that, back when I worked in an associated industry of Biometric Verification using “finger print scanners”. I found every system back then could be cheated, usually quite easily, which was not exactly what my employer wanted to hear. That is by no more than latex / rubber solution glue to make artificial finger prints you could then attach to your fingers or a latex glove and rub against the side of your nose to get the “grease” to make the print. Something I’ve mentioned how to do in detail on this blog before, and that I’d worked out in the late 1960s when “very young” from playing with the soft red wax around Edam Cheese. I later found out that the author of the Sherlock Holmes Detective stories, Sir Arthur Conan Doyle, had put it in one of his stories,
“The Adventure of the Norwood Builder”
And that he or Bertram Fletcher Robinson had also worked out how to make fake fingerprints from seeing thumbprints in the hard red wax used to seal letters and legal documents.
Clive Robinson • June 23, 2025 12:21 AM
@ Bruce, ALL,
AGI is mathematically impossible
Is the conclusion of this paper,
https://philarchive.org/archive/SCHAIM-14
The start of the introduction says,
“There is a somewhat common expectation that emerged in the AI-Community: we are approaching, inevitably, the threshold of Artificial General Intelligence.
This expectation, however deeply held, rests on an impossibility, as this paper will demonstrate.”
It’s a fairly long paper and it’s somewhat involved.
More correctly it’s the second of at least three papers (the third is in production).
In essence the argument is “drowning in data” and those who have read my comments earlier about “current AI LLM & ML systems” being “adaptive filters” that work on various hierarchical semantic level spectrums will see the commonality of the thinking process with,
“Here, we ask a different kind of question: What happens when the very act of receiving new information causes uncertainty not to collapse, but to grow?
We explore how layered semantic interpretation — the kind required in general cognition — can produce not clarity, but entropy divergence. We introduce the concept of IOpenER (Information Opens, Entropy (Resnick, 2007; Embrechts et al., 1997) Rises), which captures a paradoxical but measurable phenomenon: under certain conditions, more data does not help an AI system make better decisions. It destabilises meaning itself.
This results in a second, independent proof of the same impossibility. Where the first showed that AGI is blocked by formal undecidability, this one shows that semantic instability and interpretive overload lead to recursive failure.
The system does not lack information – it drowns in it.”
Or put another way,
“Is a needle any less lost in a haystack than in a bale?”
It’s something the recent Apple “towers of Hanoi” paper highlighted by experiment.
lurker • June 23, 2025 4:04 AM
@Clive Robinson, ALL
“So they want technology to be the arbitrator of age”
Chinese railways did this: passengers with a child ticket must be less than 1.2 metres tall: every carriage has a marker on the wall at 1.2 metres height. Improved nutrition and lifestyles forced them to lift it to 1.4 m early this century. Now, to get that to work on social media …
not important • June 23, 2025 5:21 PM
For personal security
https://www.yahoo.com/news/yes-snakes-fly-not-arizona-120039337.html
=Can a dead snake still bite?
Yes, a dead snake can still bite, especially shortly after it dies. This happens because snakes have strong reflexes and their nervous system can still fire even after death.
If you touch or disturb a recently killed snake, its muscles, including those in the head and jaw, may still react.
In venomous snakes like rattlesnakes, this means a bite can still occur and venom can still be injected.=
Clive Robinson • June 23, 2025 8:38 PM
@ not important, ALL,
Re : “Can a dead snake still bite?”
Yes but only for a short while…
But a mostly “headless chicken” can go on and on, with 18 months being the “official” “Guinness Record” so far,
https://en.m.wikipedia.org/wiki/Mike_the_Headless_Chicken
It appears he might have lasted longer if his owner had taken a little more care of what had become a very valuable asset…
Clive Robinson • June 23, 2025 8:55 PM
@ Bruce, ALL
Iberia Peninsular Blackout 28-04-2025 English Report
Warning: it’s nearly 200 pages and contains quite a few redactions.
Worse the URL just looks suspicious (it is from LinkedIn so what would you expect…),
If anyone knows of a less suspicious link, then please pass it on.
Meanwhile, I shall have to find time to read it in between helping getting a Uni Rocket electronics “flight ready”.
lurker • June 24, 2025 12:16 AM
@Clive, ALL
Your posted link returns me a “Missing e query string”
There are large numbers of MSM heavily digested versions, an 18 page summary in English from “red electrica”:
‘https://d1n1o4zeyfu21r.cloudfront.net/WEB_Incident_%2028A_SpanishPeninsularElectricalSystem_18june25.pdf
A 182 page “unredacted” report in Spanish:
‘https://www.lamoncloa.gob.es/consejodeministros/resumenes/Documents/2025/Informe-no-confidencial-Comite-de-analisis-28A.pdf
There is a link to linked-in with a machine translated version of this last at
‘https://wattclarity.com.au/articles/2025/06/17june-fullreport-iberianblackout/
and curiously DuckDuckGo thinks there is a copy of the English report at the Electric Reliability Council of Texas, which returns “Access Denied”
Clive Robinson • June 24, 2025 5:13 AM
@ lurker, ALL,
With regards “Missing e query string”
The original link passed to me is,
However being mightily suspicious of LinkedIn’s known rapacious behaviours with regards user privacy[1], I tested trimming off the “e”, “v”, and “t” strings and it did work at the time… So either I goofed at some point or something’s changed at the rapacious LinkedIn in a short time… I’ll let you decide which is most probable 😉
[1] I won’t get into the very long very sordid malware like behaviour history, before and after Microsoft “interest”… However you can track some of the “after” in Microsoft “learn” pages, about how to defang the LinkedIn API links like,
https://learn.microsoft.com/en-us/linkedin/shared/references/v2/digital-media-asset
https://learn.microsoft.com/en-us/linkedin/shared/references/v2/profile/background-picture
Clive Robinson • June 24, 2025 5:19 AM
@ Bruce, ALL,
The EFF has pushed out a notice titled,
The NO FAKES Act Has Changed – and It’s So Much Worse
And reading through it,
https://www.eff.org/deeplinks/2025/06/no-fakes-act-has-changed-and-its-so-much-worse
It’s fairly clear that the original has received a “water down and change the direction of flow” lobbyist attack.
But the depth of the attack has caused even this cynic to be somewhat surprised…
not important • June 24, 2025 6:14 PM
Biological actual threats:
https://www.yahoo.com/news/scientists-issue-stark-warning-harmful-104551212.html
=Houvenc’s team began collecting termite samples “in the Fort Lauderdale area that didn’t match the shape or form of either termite species,” per News Channel 8.
The team genetically tested the termites and found that they had genes from both species.
In general, invasive species have a dangerous impact on native ecology. They outcompete native species for vital resources and can decimate ecosystems. Native plants and animals are crucial for maintaining natural environments and processes, limiting the spread of diseases, and protecting our food supply.
Although this particular hybrid invasive species is located in Florida, it could soon spread.
Scientists will continue to study this new species to understand its biology and weaknesses. Then, pest management solutions can be implemented to combat them.=
https://www.yahoo.com/news/experts-issue-warning-dangerous-insect-101551333.html
=The aptly named screwworm fly is beginning to turn up in Panama, southern Mexico, and elsewhere on a northward path. The insects are about the size of a housefly with orange eyes and metallic blue or green bodies, according to the U.S. Department of Agriculture.
An adult screwworm, drawn to open injuries and body openings like nasal passages, can produce up to 300 eggs. Once hatched, the maggots tear at flesh, screwing into and expanding wounds with sometimes deadly results. The remedy is to remove the villains.
To originally purge the insect from Florida, a mid-century project sterilized male flies with radiation and released them to breed. The method helped to reduce reproduction and was perfected during the decades, culminating in the formation of a “screwworm” wall in the mid-1990s near the Panama-Colombia border. Sterilized males are still regularly released, Grist reported.=
Mr. Peed Off • June 24, 2025 8:28 PM
While not talked about as much as the Intel CPU security mitigations, Intel graphics security mitigations have added up over time, such that disabling the security mitigations for their GPU compute stack for OpenCL and Level Zero can yield a 20% performance boost. Ubuntu maker Canonical in cooperation with Intel is preparing to disable these security mitigations in the Ubuntu packages in order to recoup this lost performance…
https://www.phoronix.com/news/Disable-Intel-Gfx-Security-20p
Clive Robinson • June 25, 2025 4:21 AM
@ ALL,
Thomas Wolf cofounder of Hugging Face has dampened hype that current AI can innovate original science
Wolf when talking at VivaTech in Paris pointed out that although current LLMs produce plausible sounding answers, they lack the creativity to ask original questions or ability to reason the answers…
So rather than coming up with a scientific breakthrough as has been repeatedly hyped by the industry, Wolf indicated we are more likely to be creating a whole host of digital “yes-men.”
Which when you consider how current AI LLM, LRM and ML systems actually work is hardly surprising.
Yes current AI systems can find all sorts of patterns in data that humans might not. But the next stage is deciding if a pattern is actually meaningful or not within a context, and this to put it politely is problematic.
Anyway you can read more about what Hugging Face’s chief scientist thinks in,
Clive Robinson • June 25, 2025 7:17 AM
@ Bruce, ALL,
Passkeys bring security issues
As with everything new, there are pros that make it desirable and cons that cause pain in many ways, some new and interesting if you are an observer…
Passwords have been known to be a bad idea since before they were invented 😉
However in very resource constrained times three score years or so ago they “fit the bill”.
And perhaps unsurprisingly we’ve been unsuccessful in getting rid of them because well “passwords are cheap” in oh so many ways not just financial.
But finally something different some would say better is being forced into the equation.
They go by the generalised name of PassKeys and require rather more than a good memory… You need a hardware token that has certain properties.
However to use the properties requires new protocols and standards and unfortunately they have issues that show up in implementations and thus security failings become rather more than a theoretical risk.
This article,
https://www.nullpt.rs/forging-passkeys
Outlines just some of the “cons” of PassKeys and goes towards potential attacks via a PoC.
jelo 117 • June 25, 2025 2:50 PM
@ moderator
Please delete my post
It has a bad non https link.
This is corrected below.
Has anyone attempted looking at AI as a nonlinear dynamical system, and, like nearly everybody else of late, applying the Koopman operator methods to its “evolution” ?
E.g., Koopman has been applied [1] to stock market prices to show they are cyclic, that is, the dynamic system does not as classical theory suggests move to point equilibrium (the “hand” of the market), but to an orbit equilibrium, a more general ergodic behavior. Saari [2] had already shown (not by Koopman methods) that the classical equations, even in small markets of 3 goods, are chaotic.
Perhaps some light would be shed on the evolution of AI models as more and more data is acquired.
1. https://www.sciencedirect.com/science/article/pii/S0378437115010870
2. https://community.ams.org/journals/notices/199502/saari.pdf
lurker • June 25, 2025 3:28 PM
@Clive Robinson, ALL
Lost in Translation Spanish power blackout
TLDR – as I said before many small to medium operators chasing the market without enough attention to grid stability.
The redactions to the full official report have done some weird things to the text layout of the non-redacted text, including repeating whole paragraphs, and deleting one or more lines of text at the bottom of pages. The 18 page version from Red Eléctrica I linked above is much easier to read, and gives the details on the electrical grid aspects. Especially the sequence of events on p.12, and the Recommendations on p.15.
On the cyber side they seemed confident there was no intrusion, but their comments on separation of IT and OT were a little vague.
Clive Robinson • June 25, 2025 3:48 PM
@ Bruce, ALL,
This might make you smile or even snort your coffee the wrong way 😉
You know the UK Government is very anti-encryption still. Even after the US Gov said,
“Go E2EE cause Chinese”
Well the UKG set up a web site that was designed/created by a well known bunch of idiots that Mad Maggie thought the sun shone out of…
Well it appears that the site has been hijacked by a very unsavoury “Pay Day Loan” hyper interest company (not sure if they do leg breaking to order or not but…).
It was seen and reported to UK Gov and for slightly less than a day the “Pay Day” nonsense was removed before coming back again…
Kind of says it all about UK Gov cyber policy/action…
Anyway you can read more at,
https://www.theregister.com/2025/06/25/home_office_antiencryption_campaign_website/
not important • June 25, 2025 5:48 PM
Japan unveils world’s most advanced quantum–classical hybrid computing system
https://www.yahoo.com/news/japan-unveils-world-most-advanced-000616774.html
=Japan now hosts the world’s most advanced quantum–classical hybrid setup, pairing IBM’s
cutting-edge quantum system with one of Earth’s fastest supercomputers.
This marks a major step toward “quantum-centric supercomputing,” where quantum and
classical systems work together to solve problems neither could tackle alone.
The system, launched in Kobe, features IBM’s 156-qubit Heron processor, dubbed as the
company’s best-performing quantum chip to date. Its quality and speed are 10 times better than the previous generation 127-qubit IBM Quantum Eagle.
The two systems are connected via a high-speed network at the instruction level, creating a testbed for quantum-centric supercomputing.=
as the toilet swirls • June 25, 2025 11:53 PM
RFK Jr. Wants Every American to Be Sporting a Wearable Within Four Years
During a House committee meeting Tuesday, Kennedy announced a large-scale ad campaign from the federal government to hype wearable tech.
Clive Robinson • June 26, 2025 4:41 AM
@ ALL,
Privacy wake up call in the Google Gemini aisle!
Yup a change in terms of service, means that by the looks of it you can not stop 100% stealing of your text messages,
“Gemini will now be able to “help you use Phone, Messages, WhatsApp, and Utilities on your phone whether your Gemini Apps Activity is on or off.” That change, according to the email, will take place on July 7. In short, that sounds—at least on the surface—like whether you have opted in or out, Gemini has access to all of those very critical apps on your device.”
Hmm “Client Side Scanning” made mandatory confirming the “client” is in reality the “product” and Law Enforcement and worse will no doubt get “Third Party Business Records” access to everything you type…
Anyone else remember the Carrier-IQ debacle and the folks on the hill passing retrospective immunity legislation for US Telco’s?
Eriadilos • June 26, 2025 10:44 AM
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
Vulnerabilities have been found in the SDK/reference implementation of a widespread SoC used in Bluetooth headphones. A custom protocol is in place to read & write to both RAM & ROM; it is behind characteristics that (most of the time) do not require authentication.
This reminds me of the Sweyntooth vulnerabilities: vendor blackbox is flawed (in this case a plain and simple backdoor) and impacts a variety of end products.
How can a vendor protect itself against such supply chain risks / attacks?
Even extensive pentesting & fuzz tests may not catch these attacks
lurker • June 26, 2025 1:32 PM
@Eriadilos
“A custom protocol is in place to read & write to both RAM & ROM”
Did they think there weren’t already enough holes in Bluetooth?
not important • June 26, 2025 3:40 PM
Work begins to create artificial human DNA from scratch
https://www.bbc.com/news/articles/c6256wpn97ro
=Work has begun on a controversial project to create the building blocks of human life from
scratch, in what is believed to be a world first.
The research has been taboo until now because of concerns it could lead to designer babies
or unforeseen changes for future generations.
“Building DNA from scratch allows us to test out how DNA really works and test out new theories, because currently we can only really do that by tweaking DNA in DNA that already exists in living systems”.
And although the project is hunting for medical benefits,
there is nothing to stop unscrupulous scientists misusing the technology.
They could, for example, attempt to create biological weapons, enhanced humans or even creatures that have human DNA, according to Prof Bill Earnshaw, a highly respected genetic scientist at Edinburgh University who designed a method for creating artificial human chromosomes.
“If we manage to create synthetic body parts or even synthetic people, then who owns them. And who owns the data from these creations? “=
lurker • June 26, 2025 8:11 PM
Judge backs AI firm over use of copyrighted books
“In his ruling, Judge William Alsup said Anthropic’s use of the authors’ books was “exceedingly transformative” and therefore allowed under US law.”
But Anthropic had been using pirated copies of some books, so still faces trial for this.
‘https://www.bbc.com/news/articles/c77vr00enzyo
and sorry but not sorry for readers in the US if you find that paywalled,
‘https://www.bbc.com/news/articles/cx2vgkn7w10o
Clive Robinson • June 26, 2025 9:48 PM
@ Eriadilos, lurker,
With regards,
“Vulnerabilities have been found in the SDK/reference implementation of a widespread SoC used in Bluetooth headphones. A custom protocol is in place to read & write to both RAM & ROM; it is behind characteristics that (most of the time) do not require authentication.”
Two things,
Firstly, it’s “Flash” or “EEROM” not “ROM”; technically they are sufficiently different that it would affect the way PoC attack code would be written.
Secondly the “not requiring authentication” is actually not that unusual.
Put simply when a chip comes off of the manufacturing line it’s in an “unknown state”… As “secure” authentication is all too often done by a “shared secret” or “hardware SOT” arrangement, this gives rise to an issue with very small minimum pin count chips, that are also low power thus low complexity chips for battery usage, that can not support certain types of cryptography.
Such issues are seen by manufacturers as neither a secret nor usually a problem…
Because it’s usually resolved by a “fusible link” that is blown after the device is programmed.
However if it’s not blown then yes it’s a “known vulnerability” that is accepted… Because to blow it would stop any ability for devices to be “remanufactured”, thus add a significant process cost, so make the devices not cost / profit effective.
But it’s interesting to see this,
“Any vulnerable device can be compromised if the attacker is in Bluetooth range. That is the only precondition.”
As they say “It tells a story” because it is actually not quite true…
That is because these devices are not authenticated, so there is the issue of adjacent device jamming.
Consider, if you transmit data out, then any units in range will respond / acknowledge. If there is more than one unit transmitting then they will both be received by your receiver. Thus the two or more simultaneous responses will interfere with each other and potentially the “ack will fail” and the update / reprogramming fail as a consequence.
Clive Robinson • June 26, 2025 10:10 PM
@ not important,
To answer the articles question of,
“If we manage to create synthetic body parts or even synthetic people, then who owns them. And who owns the data from these creations?”
The answer depends on “What jurisdiction” you are in…
In the US, it’s who ever gets the patent on it…
This was decided some years ago when a person with interesting genetics that reduced their susceptibility to cancer found they had been patented by those who had access to their medical samples…
Similar with a hybrid rice, that the inhabitants of an island had cross bred for disease resistance. A well known US agro-corp got a sample of the rice and patented the gene sequences…
In other parts of the world you could not obtain a patent on “things natural” nor could you have restrictive ownership.
And in other parts of the world such genetic science / research is effectively banned (or was).
Clive Robinson • June 21, 2025 12:25 PM
@ Bruce, ALL,
This may be worth looking into,
https://smex.org/open-letter-to-samsung-end-forced-israeli-app-installations-in-the-wana-region/
Apparently Samsung have “factory installed” spy-ware on phones sold into certain parts of Asia and Africa that form MENA (covering current regional potential war zones and surrounding areas that might form a supply chain).
With the Spy-Ware originating from an Israeli company that is now owned in the US. As such it is illegal in several MENA states as it’s Israeli in origin even though now “cut out fronted” by a US company (exactly the same behaviour the US has recently accused China of doing).
It appears this “direct install” at the factory end of the supply chain, is to obviate an issue where the spyware has been previously detected,
https://www.malwarebytes.com/blog/detections/adware-installcore
Worryingly Samsung are one of the major suppliers of phones in the MENA area. Thus this represents a serious security threat by what many countries in the region view as a “Hostile enemy combatant Nation” –Israel– that is actively attacking other nations and assassinating political and other leaders.
This can not end well…