Friday Squid Blogging: Squid Camouflage

New research:

Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the chromatophore system for communication. Camouflage adaptations to the substrate while moving has been recently described in the semi-pelagic oval squid (Sepioteuthis lessoniana). Our current study focuses on the same squid’s complex camouflage to substrate in a stationary, motionless position. We observed disruptive, uniform, and mottled chromatic body patterns, and we identified a threshold of contrast between dark and light chromatic components that simplifies the identification of disruptive chromatic body pattern. We found that arm postural components are related to the squid position in the environment, either sitting directly on the substrate or hovering just a few centimeters above the substrate. Several of these context-dependent body patterns have not yet been observed in S. lessoniana species complex or other loliginid squids. The remarkable ability of this squid to display camouflage elements similar to those of benthic octopus and cuttlefish species might have convergently evolved in relation to their native coastal habitat.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Posted on December 26, 2025 at 5:08 PM • 23 Comments

Comments

Rontea December 28, 2025 2:54 PM

If reason alone can spiral into nihilism, how do we design systems—whether social, technological, or cognitive—that prevent this descent without relying on irrational safeguards?

Clive Robinson December 28, 2025 5:53 PM

@ Rontea, ALL,

With regards,

“If reason alone can spiral into nihilism, how do we design systems—whether social, technological, or cognitive—that prevent this descent without relying on irrational safeguards?”

The short answer is, there is no solution that works even moderately well, so we are stuck with “safeguards” that will always fail in some way.

The long answer is technology is agnostic in use and even as base technology it cannot be used to solve social problems.

Judgments of “Social Problems” are based on the “Observer Point of View” issue. That is the judgment of “Good or Bad” is made out of context usually some time after the event, AND… judged by mores, morals and experience of the observer.

We see this with “arm chair quarterbacking” or “Water cooler round ups”.

But the issue of safeguards is one we know cannot be solved due to Claude Shannon back in the 1940’s before “information theory” really existed (started early 1960’s).

If I share a “route of trust secret” with the system then I can transfer information that the observer safeguard can not see, so can not judge.

In the case of Current AI LLM and ML Systems, the input strings are in effect words and phrases or parts there of that form the LLM tokens.

These can be seen as “entries in a code book” or cipher alphabet.

Thus I can hide a message within a message by use of the necessary redundancy for communicating information.

Which is a point Gus Simmons made in the 1970’s and 80’s.

In effect the redundancy in natural language allows a covert communications channel to be built within strings of overt plain text.

The observer or safeguard sees only the plain text, not the covert code. So it cannot flag it up on facts, only guesses… Which means that anything covert below the threshold will get through. But more importantly anything overt above the threshold will not, which is problematic for users as they will not be able to use the system.

In theory an observer can become a participant, and some how change the input for one of equal meaning but using different tokens.

This countermeasure however can be easily beaten by using a covert channel based on differential coding, or some form of parity.

Yes it reduces the bandwidth of the covert channel, but it increases the likelihood of the coded message getting through an active safeguard.

And again any such active safeguard will affect ordinary use of the system detrimentally.

lurker December 28, 2025 9:59 PM

A new study full of charts and numbers showing how the sun burns holes in GPS and ADS data

In May 2024, a strong spaceweather event affected communication and navigation systems across Europe. This study investigates how this storm impacted the aviation industry, specifically air traffic management, by looking at data from planes and Global Navigation Satellite Systems to understand the storm impact. The results show that the storm caused problems with positioning, leading to temporary gaps in data or errors. This in turn can make it harder for pilots to navigate safely and efficiently. Overall, the research highlights the importance of monitoring spaceweather and its potential impact on critical infrastructure like air traffic control systems.

https://www.spaceweather.com/images2025/27dec25/report.pdf

winter December 29, 2025 10:48 AM

@Clive, All

Explains more about what the Current AI LLM & ML Systems “shell-game” is all about with a concrete example that happened just a few days ago.

Most, or almost all, of what you want to know about manias, panics & crashes can be found in:

Manias, Panics and Crashes: A History of Financial Crises

C. Kindleberger, R. Aliber
Springer, 10 Aug 2005 – 309 pages

Manias, Panics and Crashes is a scholarly and entertaining account of the way that mismanagement of money and credit has led to financial explosions over the centuries. Covering such topics as the history and anatomy of crises, speculative manias, and the lender of last resort, this book has been hailed as ‘a true classic…both timely and timeless.’ In this new, updated fifth edition, Kindleberger and Aliber expand upon the ideas presented in the previous edition, and include two new chapters on the real estate price bubble that occurred in Norway, Sweden and Finland at the end of the 1980s, and the three asset price bubbles that occurred between 1985 and 2000 in Japan and other Asian countries. Selected as one of the best investment books of all time by the Financial Times, Manias, Panics and Crashes puts the turbulence of the financial world in perspective.

Clive Robinson December 29, 2025 8:16 PM

@ Winter, ALL,

It appears that my post you were responding to about the “shell-game” is not present here… The reality for those that actually was on the previous Squid page,

https://www.schneier.com/blog/archives/2025/12/friday-squid-blogging-petting-a-squid.html/#comment-450968

Anyway thanks for the book suggestion, I wonder if there is time to read it before this,

https://www.reuters.com/legal/transactional/nvidia-takes-5-billion-stake-intel-under-september-agreement-2025-12-29/

Plays out.

OK it’s only 1/1000th of Nvidia’s supposed value, but Intel really did blow off both feet quite willingly with bad move after bad move.

Which is why the share value of Nvidia dropped 1.4% or 14 times that 1/1000th…. And as the article notes Intel shares remained where they were.

I suspect the only reason behind this is “political” thus a case of throwing,

“Good money after bad”

Thus the questions arising are of course the three W’s,

1, Whose idea was it,
2, What do they expect out of it?
3, Why did they think it was good?

What we do know is Reuters reported, Intel had an annual loss of $18.8 billion back in 2024. The result of several years of bad moves, that has seen monumental staff lay offs in the wrong areas of the business.

And that, “blows his own horn” Trump(eter) said he had signed a deal with Intel to acquire a 10 per cent stake…

https://apnews.com/article/trump-intel-us-equity-stake-b538526b6698f7ebd31e99effd727693

I could be wrong but I’m thinking that Chinese New Year 2026 is going to be a little more than the year of the “Fire Horse” and more like the “bonfire of the tech investors” 😉

Winter December 30, 2025 3:42 AM

@Clive

Anyway thanks for the book suggestion, I wonder if there is time to read it before this,

The first chapter(s) already paint the picture.

There are pdf’s available online.

The reality for those that actually was on the previous Squid page,

Sorry, I posted from a phone and got things mixed up.

Clive Robinson December 30, 2025 5:50 AM

@ Winter,

With regards,

“Sorry, I posted from a phone and got things mixed up.”

Don’t be sorry, there is no rule that says everything has to go on the same thread (that I’m aware of ;-)[1].

I was just providing a back-link for those that might be interested / curious.

And as you might have noticed, I mucked it all up around the word “actually” because like you I was using the phone, –and it is more multi-tasking than I am– and a SMS had come in that needed a response.

[1] If there was such a rule, it would kind of make threads so long no one could effectively navigate them…

Just try and imagine only one AI thread for instance, it would be more than several books by now. And… Well it’s really only historians and overly bureaucratic types that care about “time order” rather than “subject order”.

Not really anonymous December 30, 2025 7:24 PM

I found the 39C3 talk on bitlocker interesting. I didn’t watch live and so couldn’t ask questions. It sounds like the bitlocker threat model allows physical access, but not for modification of the hardware. That may cover common thieves, but exceptional thieves can change or block changes to memory selectively using modified hardware. Also the speaker made claims about millisecond attack windows not being exploitable in that context. But there was a very convincing argument for this. Thieves with custom USB input devices might be able to hit a window that small. Using a low entropy pin is also not likely to be effective against exceptional thieves.

ResearcherZero December 31, 2025 12:16 AM

Mustang Panda is using a rootkit to hide a new variant of the ToneShell backdoor. The kernel mode loader that injects the backdoor is signed with a certificate and registers as a minifilter driver. This protects the processes the backdoor is injected into and the driver against most attempts to detect and then halt or remove it. The minifilter driver is registered in the Windows file system stack allowing it to intercept file system operations in real time. This allows complete control of the system and prevents Microsoft Defender being properly loaded. Minifilter drivers have the ability to see, modify, block, and log any file activity before it is written to disk.

The position of the minifilter driver registration in the I/O stack also allows it to hide from security checks by intercepting file operations prior to antivirus components. Systems that had been infected with the ToneShell backdoor were infected with other malicious tools like ToneDisk USB worm and PlugX.

The new variant of the ToneShell backdoor employs a number of other methods to disguise process activity and hide its functions to further complicate analysis.

https://www.securityweek.com/chinese-apt-mustang-panda-caught-using-kernel-mode-rootkit/

A USB worm configured to only launch within the target nation’s borders.
https://www.ibm.com/think/x-force/hive0154-drops-updated-toneshell-backdoor

For accessing air gapped systems, Mustang Panda has a number of tools to achieve the task.
https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1

Clive Robinson December 31, 2025 3:28 AM

@ ALL,

Another opinion on AI crash.

There is a fairly rapidly rising bubble of anti-AI-hype from those that see themselves as “cursed to have to use”. Combined with management increasingly becoming disillusioned with returns even at discount rate of 1/10th the cost it should be. As for vibe-coding, well let’s just say it’s not replacing senior or experienced devs any time soon, in fact the opposite.

Will things AI change, “sort of” but not at any great speed, and probably not for LLM&ML systems.

Is there a place for Current AI LLM&ML systems, as I’ve indicated before there are some things they will be used for just as “expert systems” from the 1980’s still are today.

But will it be enough to justify the manic building out of data centers that is going on?

Well that depends…

Because the GPU and support hardware is not LLM&AI specific. Quite a while ago I pointed out that an LLM&ML system could be built with an existing database engine. Well as I also point out from time to time such relationships are bidirectional, and if you look you will find there are indeed databases that will run rather well on GPU systems.

Something that suggests Governments will take interest in for Sovereign DBs to “run the affairs of State” as well as surveillance systems.

But the increasing feeling is the Current AI LLM&ML System hype bubble will burst… What then will happen next.

Well we know back from the times of canal building that a lot of hardware assets get left behind at vastly knocked down prices… These usually get bought up by “new money” that then build successful businesses with them.

Well here’s another opinion on what might happen “after the hype is gone”,

When the AI bubble pops, Nvidia becomes the most important software company overnight

Want to survive the crash? Find another way to make money with GPUs

https://www.theregister.com/2025/12/30/how_nvidia_survives_ai_bubble_pop/

It points out that there is rather more to GPU’s than LLM&ML systems used to make ChatBots and vibe-coding crud,


The Register, AI + ML
Tobias Mann, Tue 30 Dec 2025 // 11:11 UTC
Today, Nvidia’s revenues are dominated by hardware sales. But when the AI bubble inevitably pops, the GPU giant will become the single most important software company in the world.

Since ChatGPT kicked off the AI arms race in late 2022, Nvidia has shipped millions of GPUs predominantly for use in AI training and inference.

That’s a lot of chips that are going to be left idle when the music stops and the finance bros come to the sickening realization that using a fast-depreciating asset as collateral for multi-billion dollar loans wasn’t such a great idea after all.

However, anyone suggesting those GPUs will be rendered worthless when the dust settles is naive.

GPUs may be synonymous with AI by this point, but they’re much more versatile than that. As a reminder, GPU stands for graphics processing unit. These chips were originally designed to speed up video game rendering, which, by the late ‘90s, was quickly becoming too computationally intensive for the single-threaded CPUs of the time.

As it turns out, the same thing that made GPUs great at pushing pixels also made them particularly well suited for other parallel workloads — you know, like simulating the physics of a hydrogen bomb going critical. Many of Nvidia’s most powerful accelerators — chips like the H200 or GB300 — have long since ditched the graphics pipeline to make room for more vector and matrix math accelerators required in HPC and AI.

If an app can be parallelized, there’s a good chance it’ll benefit from GPU acceleration — if you have the software to do it.

Anyone who has had their eye on IT at any scale from microcontrollers upwards since the mid 1990’s should know,

“The future is parallel and distributed.”

Even though “the majority of developers are sequential” thinkers.

Anyway it’s not just an interesting opinion piece, the start of the comments section is also food for thought.

Clive Robinson December 31, 2025 3:47 AM

@ ResearcherZero,

Another nasty for you to add to the collection,

An early end to the holidays: ‘Heartbleed of MongoDB’ is now under active exploit

A high-severity MongoDB Server vulnerability, for which proofs of concept emerged over Christmas week, is now under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency.

The problem with MongoDB is, being “Open Source” it can be found in unexpected places. Though if you are doing Due Diligence via Software BOM you should be aware of all instances of it.

The actual fault,

Identified as CVE-2025-14847, this CVSS 8.7 vulnerability in the widely used open-source MongoDB Server stems from mismatched length fields in zlib-compressed protocol headers. If exploited with a malformed packet, an unauthenticated remote attacker can read uninitialized heap memory.

The problem was very quickly fixed but…
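As an added illustration of the bug class the quoted advisory describes (mismatched declared vs. actual length around a zlib-compressed payload, leading to a read of unwritten heap), here is a Python model of a length-trusting parser beside a hardened one. This is not MongoDB’s code or wire format; the frame layout, the simulated stale heap and all function names are constructed for the example.

```python
"""Constructed model of a compressed protocol frame whose header declares an
uncompressed length. Frame layout, heap contents and names are hypothetical;
this is not MongoDB's implementation."""
import struct
import zlib
from typing import Optional

MAX_UNCOMPRESSED = 16 * 1024 * 1024   # sanity bound on any declared length
HDR = struct.Struct("<I")             # hypothetical: uint32 LE declared length

def build_frame(payload: bytes, declared_len: Optional[int] = None) -> bytes:
    """Build a frame; declared_len != len(payload) yields a malformed frame."""
    if declared_len is None:
        declared_len = len(payload)
    return HDR.pack(declared_len) + zlib.compress(payload)

def parse_frame_vulnerable(frame: bytes, heap: bytes) -> bytes:
    """Trusts the header. Models a C implementation that allocates
    declared_len bytes (reusing unzeroed heap memory, simulated by `heap`),
    inflates into the buffer, then returns the whole allocation. Bytes the
    stream did not fill come back as stale heap contents."""
    (declared_len,) = HDR.unpack_from(frame)
    buf = bytearray(heap[:declared_len])        # malloc() without zeroing
    inflated = zlib.decompress(frame[HDR.size:])
    buf[:len(inflated)] = inflated              # only len(inflated) bytes written
    return bytes(buf)                           # declared_len bytes returned

def parse_frame_hardened(frame: bytes) -> bytes:
    """Inflates with an output cap and rejects any frame whose declared
    length differs from the actual inflated length (either direction) or
    whose stream carries trailing data. Never returns unwritten bytes."""
    (declared_len,) = HDR.unpack_from(frame)
    if declared_len > MAX_UNCOMPRESSED:
        raise ValueError("declared length exceeds limit")
    d = zlib.decompressobj()
    # Cap at declared_len + 1 so an under-declared length is detectable
    # without inflating an unbounded amount of attacker-chosen data.
    inflated = d.decompress(frame[HDR.size:], declared_len + 1)
    if (len(inflated) != declared_len or not d.eof
            or d.unconsumed_tail or d.unused_data):
        raise ValueError("declared/actual length mismatch or trailing data")
    return inflated

# Constructed "heap" still holding data from an earlier request.
STALE_HEAP = b"prev-req: user=alice pw=hunter2 token=ABCDEF0123456789 " * 4

def demo() -> dict:
    """Run the three cases: well-formed, over-declared, under-declared."""
    good = build_frame(b'{"ping":1}')
    over = build_frame(b'{"ping":1}', declared_len=48)   # claims 48 bytes
    under = build_frame(b'{"ping":1}', declared_len=4)   # claims 4 bytes
    results = {
        "good_ok": parse_frame_hardened(good) == b'{"ping":1}',
        "vuln_leak": parse_frame_vulnerable(over, STALE_HEAP),
    }
    for name, f in (("over", over), ("under", under)):
        try:
            parse_frame_hardened(f)
            results[name + "_rejected"] = False
        except ValueError:
            results[name + "_rejected"] = True
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The same length check is what a protocol-aware proxy or IDS would apply to flag such frames before they reach the server.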

ResearcherZero December 31, 2025 9:54 PM

Rubbing shoulders with those in the White House aids spyware vendors in evading sanctions.
Among those who were removed from the sanctions list are Sara Aleksandra Fayssal Hamou, a key enabler for Intellexa, and two other executives from the company.

Intellexa previously targeted members of the United States Congress with Predator spyware.

Emergency spyware alerts were recently sent to users in more than 150 countries warning of spyware including Predator, Pegasus, and Graphite. While governments pretend they protect journalists and members of civil society, they hire mercenary agents to target them.

DFRLab previously found 435 entities across 42 countries involved in spyware development.
Relaxing sanctions will only reward spyware vendors for their recent worsening behaviour.

https://www.reuters.com/business/trump-administration-removes-three-spyware-linked-executives-sanctions-list-2025-12-30/

Delivering zero-click spyware using online ads helped Intellexa proliferate Predator.
https://www.infosecurity-magazine.com/news/predator-spyware-intellexa-evades/

Apple and Google issued multiple batches of warnings this year that extremely sophisticated spyware attacks had targeted members of civil society. Included in the list of those repeatedly targeted were again journalists, lawyers, activists, members of committees, senior officials, politicians, etc., demonstrating continued offending by spyware vendors.

https://www.forbes.com/sites/kateoflahertyuk/2025/12/08/apple-issues-new-spyware-attack-warning-to-iphone-users/

ResearcherZero January 1, 2026 12:03 AM

@Clive Robinson

A lot of cloud environments have MongoDB instances and the passwords are in plain text. The 90’s called and wants its exploits back. Many of the techniques used to get a root shell on systems from decades ago still work today, but now nearly all are state-sponsored attacks. It is rare that anyone does it just for fun, rather the vast majority of hacks are malicious.

Many may not realise that Linux used code that dated back to Solaris. Turla used code linked to libraries from 1999-2004 in its tools that will still run on modern systems.

Cybernews has produced a number of reports looking at historical state-backed campaigns, now available on their Youtube channel. It gives a pretty good overview of some of the most consequential operations mounted against government systems and other sectors to steal huge numbers of files from sensitive systems. The videos don’t contain the kind of detail that presentations by researchers reveal, but nonetheless provide a wide range of information.

In one of the videos about Turla they mentioned Moonlight Maze, so I went back and looked at a presentation Kaspersky researchers did when they discovered the HRtest server Turla used as a proxy. The admin of the HRtest server captured all of the traffic relayed through the server, which allowed the researchers to retrieve many of the sessions of the attackers.

The breach of the Pentagon, NASA, DOE and a bunch of other departments was not discovered until 1998. The attackers stole “classified naval codes, data on missile-guidance systems and other highly valued military information. The attackers also stole tens of thousands of files that included technical research, military maps, U.S. troop configurations, military hardware designs, encryption techniques and data relating to the Pentagon’s war-planning.”

Evidence of the attacks that began in 1996 was destroyed in 2008 under an FBI order. The HRtest server was discovered by researchers looking through heavily redacted FOI requests.
The admin had saved the server and all its contents, which were analyzed 20 years later.

https://www.secureworld.io/industry-news/moonlight-maze-lives-on-researchers-find-link-to-current-apt

The researchers were able to build a searchable graph from captured traffic and metadata from the HRtest server to map the activities of the attackers. The map produced from the research revealed where and what the attackers targeted.

The researchers also retrieved entire sessions where the attackers attempted to hack university servers to tunnel their traffic, then gave up and moved onto other university servers. The Russian hackers ran their own sniffing tools against themselves and discussed their progress and setbacks on forums. They dumped the password lists from servers using basic script kiddy techniques and then loaded their exploit kits from hacked servers they used for staging. Still, they remained undetected for years inside government systems.

https://www.youtube.com/watch?v=jgTDvvl_j5Y&t=155

Clive Robinson January 2, 2026 4:26 PM

@ Bruce, ALL,

When Guardrails don’t work

Apparently there is a bit of an outcry from French Politicians over a report from Bloomberg, that Elon Musk’s X system is generating CSAM and similar via its embedded Grok AI system upon users’ simple requests.

We know that this has happened before and “supposedly” Elon Musk’s entities had put in “effective guardrails” to stop such user activities.

Well if the Bloomberg reports are correct then Elon Musk’s entities of X and Grok are, like the users requesting, committing criminal acts.

You can read more on the French Outcry side in,

X’s AI undressing minors, women through photo edits sparks outrage

“Grok, the AI embedded in Elon Musk’s social media platform X, is currently following user requests to remove clothes from people in photos posted to the platform. According to a Bloomberg report, it also created sexualised images of minors in recent days.”

https://www.euractiv.com/news/xs-ai-undressing-minors-women-through-photo-edits-sparks-outrage/

Almost every week we get a report that,

“Current AI Guardrails Do Not Work.”

Clive Robinson January 2, 2026 5:13 PM

Transcript of Cory Doctorow’s 39C3 talk

It was posted yesterday and it’s a fun read, you will find a large number of gems in there which will limit or stop enshittification of the world by US Corps that rip off everyone, Americans and their chances of employment as well…

“Raiding Big Tech’s margins is not an attack on the American people, nor on the small American businesses that are ripped off by Big Tech. It’s a raid on the companies that screw everyday Americans and everyone else in the world. It’s a way to make everyone in the world richer at the expense of these ripoff companies.

It beats the shit out of blowing hundreds of billions of dollars building AI data-centers in the hopes that someday, a sector that’s lost nearly a trillion dollars shipping defective chatbots will figure out a use for GPUs that doesn’t start hemorrhaging money the minute they plug them in.”

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

As I’ve said it’s a fun read go and enjoy it.
