Schneier on Security

Clive Robinson • February 27, 2026 9:34 PM

@ ResearcherZero,

With regards,

“The Resurge implant lays dormant waiting for a specific inbound TLS connection. Resurge inspects incoming traffic and passes legitimate traffic to the server, enabling long-term persistence.”

It sounds like a variation in reverse of the old idea of “Port Knocking”…

How often have I said “sour/old wine in new bottles”? About such idea reuse…

Sometimes I think two things are happening,

1, Attackers are not coming up with new attacks only reworking old ones.

2, Defenders are not learning from old lessons even in very short periods of time.

With logically the second issue begets the first.

I do come up with new ideas from time to time, but since people told me off for daring to talk about them in a public place…

But I’ll risk this one,

As some will have noticed ML needs “fresh meat” to train LLMs and attackers need to exfiltrate “confidential data” to do their blackmail etc.

Take a step back and there is actually no difference between their actions, only how the “Directing mind” and “impartial observer” see things.

Therefore can an attacker make their data exfiltration look like an LLM grabbing input?

The answer is of course “yes”…

As they used to say,

“Nuff said”

Lets start the count down untill some one does it (assuming LLMs are still around and have not turned the World into a “black hole” by then 😉

Clive Robinson • February 28, 2026 3:07 AM

@ ALL,

Israel attacks Iran

I was actually expecting the attacks on Iran to begin by the US immediately after Trumps speach.

However it looks like Trump is letting Israel take the lead for now (BBC live-news),

https://www.bbc.co.uk/news/live/cn5ge95q6y7t

Why is this important to ICTsec, well we know that the Anthropic AI system was used by what Trump now calls the Dept of War and apparently was most important in the attack on Venezuela…

This has noticeably upset Anthropic CEO Dario Amodei, who has finally said publicly it’s not in contract and will not be after demands from Executive idiot in chief Pete Hegseth.

Basically Dario Amodei has said the company won’t change its stance on guiderails to stop two major areas of activity by the US Gov and Departmrnt of War,

1, Mass Domestic Surveillance.
2, Autonomous Control of weapons targeting.

Both without human judgment in the “kill chain” (and I can see Dario Amodei’s point, not least because it turns him and Anthropic into “scape-goats” from typical US politicians mouthing off nonsense as they so frequently do).

Both of these “baby tantrum” want’s of Pete Hegseth have proved not just dangerous for civilians they have also caused embarrassment for the US and it’s allies repeatedly (but apparently the current US Executive just don’t learn lessons, they just rant and rail).

And true to the “I’m dumb playbook” Pete Hegseth has decided to throw the toys out of the pram and use threats of,

1, Defense Production Act.
2, Declare them a supply chain risk.
3, Cancel existing contracts.

Which makes it rather more than a “baby tantrum” and could have US economic fall out that once started will not be easily stopped.

https://www.theregister.com/2026/02/25/pentagon_threatens_anthropic/

Clive Robinson • February 28, 2026 5:07 AM

@ Ismar,

It’s not just “Trump and Netanyahu” it’s one heck of a lot more like “guard labour” with an attitude of,

“Walking / driving whilst being brown, is a crime that should be shot down”

Which unsurprisingly gets both brain dead support and significant “push-back”. So a vicious cycle forms.

The law requires a “jury of peers” but actually only implies it’s for a defendant…

Maybe if the “blue line” got not a jury of their peers but a jury of their victims peers, they might start thinking about what that will mean for them.

Clive Robinson • March 2, 2026 2:15 AM

@ lurker,

With regards,

“Nemo already has a couple working below sea level”

They are not the first to realise that “underwater” is a good place to be as far as getting rid of heat is concerned.

Heat is a form of energy that makes molecules vibrate more rapidly so for it to move there needs to be a coupling mechanism. Which is why there are three fundamental ways in the macro world heat energy moves from Hot to Cold[1],

1, Radiation
2, Conduction
3, Convection

Of the three, only the first is available to you in space and it’s the least efficient of the three in the temperature ranges we are considering. Where as under water using the surrounding water as the “working fluid” all three are available.

For various reasons to do with the “environment” you want to be below the wave “roll” depth which means in effect 20m or more. Also due to what lives in water, you want to go where the opacity of the water reduces as much as possible to reduce befouling. You also want a solid foundation at that depth and lack of significant seismic activity.

Which means you are looking for a gently sloping geologically old rock formation which means you have to be aways off-shore.

This distance off-shore makes for other issues such as “power transmission loss” and significant expense. So it’s best to generate it as localy as possible.

There are three basic sources of energy off-shore,

1, Wave
2, Solar
3, Wind

Of which the most reliable is Wave power but the hardest to harvest in most cases. Least reliable is wind but the easiest so far engineering wise to harness.

One of the most reliable places for wave and wind and suitable geology for engineering and lowish ecological factors is Scotland. Which is just one of the reasons a bunch of people in there were looking into sustainable energy more than half a century ago.

What few realise is that taking energy out of the wind or waves has a down stream “calming effect” thus a by product is that it has a small but measurable effect on reducing what is called “coastal erosion”. But close in it means that any down stream engineering is less subject to extremes of forces in storm etc conditions.

These are all things that Microsoft were looking into when they did research in Scotland going back a couple of decades ago.

The problem they ran up against was one I’ve mentioned before with intermittent generation of energy from solar, wind and wave sources and that is “demand matching” between generation and load. Which is basically the need for energy storage in some way. Something which we are still very bad at due to limited use cycles[2] and energy density which is problematic for continuous load systems such as “Data Centers” where you want maximum stability over all human appreciable time spans.

Put simply a “shipping container” sized data center will need atleast another five or six equivalent sized containers just for power. With the cost in what is effectively “consumables” of batteries being very significant even now. But also the engineering and maintenance costs would still be ruinous.

Which is why Microsoft looked at using large off shore wind farms tied into not local storage but the very distant “national grid”.

As was demonstrated last year in Portugal, Spain and part of France, even “trans-national grids” for over 100millon people can and do fail for reasons we as yet do not fully comprehend so can not mitigate.

Blackouts are usually significantly life shortening for high power usage semiconductors[3] AND the systems they are contained in. It’s bad enough having systems in the middle of nowhere, worse up hills and mountains and well sub-sea is just “off the chart”.

So whilst sub-sea unlike in-space is “within engineering scope”, it is not going to have an ROI for quite some time to come. With accessibility and power reliability being the two major problems that need solving first…

[1] The reason heat energy moves from hot to cold is the same as for time only moving in one direction and that is “Statistical Mechanics” I could spend a lot of column inches explaining it, or I can just give a link to someone else who also has nice graphics,

https://m.youtube.com/watch?v=oW1swU54CiM

[2] Limited use cycles is why EV Cars have little or no residual value after a very short time period. Something people are just starting to find out with nobody wanting to even haul away EVs for scrap after a half decade…

[3] Power instability is a killer for high power electronics for a number of reasons, some of which surprise many people. The hardest to solve is caused by “heat” and thermal expansion and contraction of “differing materials” like solder and case seals.

Clive Robinson • March 2, 2026 5:36 PM

@ ALL,

Another textbook example of not thinking it through…

As some might have seen the word “MicroSlop” is taking over since Micro$haft tried pushing CopPilot down peoples throats…

But some have fairly stringent legle requirements for “confidentiality” laid upon them and the AI nonsense that does an “ET Phone Home” every minute or so to the MicroShaft cloud service offering, is never going to fly.

Microsoft gets tired of “Microslop,” bans the word on its Discord, then locks the server after backlash”

“Microsoft’s aggressive AI push in Windows 11 through 2025 brought upon themselves the title Microslop. Unfortunately for the company, it’s everywhere on social media, and there isn’t a way to stop the spread, unless, of course, it’s their own Discord server.“

https://www.windowslatest.com/2026/03/02/microsoft-gets-tired-of-microslop-bans-the-word-on-its-discord-then-locks-the-server-after-backlash/

Clive Robinson • March 4, 2026 6:50 AM

@ ResearcherZero, lurker, ALL,

Stupidity comes home to roost and be roasted…

I’ve mentioned a couple of things over the past couple of months,

1, Second entity investment.
2, AI threatens US and global economies.

Well second entity investment works in both directions and thus you have a value chain that is a bit like a whip in nature in that if you wiggle the handle the tip slithers on the floor. But what happens if the whip is rather more than wiggled?

Well it looks like we might be about to find out,

Oil shock fear hits Asian tech stocks while European selloff pauses

“Selling in hard-hit European shares paused on Wednesday as the focus shifted to Asia – including a record-breaking crash in ​Seoul, where investors dumped chipmakers on fears the widening Middle East war will create an oil price shock, raising inflation and delaying interest rate cuts.
Traders’ rush ‌to unload different asset classes around the world has at times threatened to become chaotic this week as they process the consequences of energy prices remaining elevated for an extended period of time.“

https://www.reuters.com/world/china/global-markets-global-markets-2026-03-04/

Energy is a “whip hand” of not just an economy but society as well.

If explained here in the past how “Energy Wars” are the new “Water Wars” that history shows are a weapon of dominance the US is trying to exploit.

The Iranian war is not really about “nuclear weapons” but as was seen with Venezuela the US trying to control the Energy that potential rivals have access to,

‘https://www.thestar.com.my/news/world/2026/03/04/exclusive-us-turns-up-heat-on-venezuela-with-threat-to-indict-new-leader-delcy-rodriguez

Presumably to create significant issues in and around the South China seas and up the West Pacific coast line. In essence to stop economic growth there, thus make various types of “warfare” much easier in the near future.

Trump in his hamfisted way wants the EU to buy US weapons at over inflated prices as a subsidy for the US arms industry to build up for what may turn into a global war.

France amongst other Nations in Europe think building alliances with nations in Europe and Asia for defence production would be a way safer way to go than the US and it appears Canada feels likewise.

Thus the Trumpian idea of make Europe pay for the weapons the US is going to use against them and other nations looks like it’s going to get derailed.

So the US has decided to just as Putin did “turn the taps of to other countries –at the Eastern Edge of Europe– for political control. The difference is Trump and Co are trying to do to the World but especially Asia.

And it’s not going to end well, as you should “never appease a tyrant or terrorist”.

Clive Robinson • March 5, 2026 5:51 AM

@ ResearcherZero, ALL,

With regards the “whip hand” and where the cracks happen…

You note,

“Wars always serve as great distractions to keep the public occupied with the price of petrol, supply shocks, inflation and a steady stream of news content that is not focused on domestic affairs. It gives those in the executive branch a lot of room to enact measures which serve other longer term objectives and sure up their power to deal with any dissent.”

Unfortunately, unless those “in the executive branch” shore up the foundations first, consequences happen…

For instance we saw the mess before when oil was not getting “moved down the supply chain” and just a few of the effects it had on the global economy…

Well,

Iraq Is Already Shutting Oilfields. Kuwait Is Next. Here’s the Gulf Storage Crisis Explained

Iraq has already started cutting output. Kuwait could follow within days. Saudi Arabia may have as little as two weeks before it has to shut in production. Here’s what it means for markets.

“The Gulf’s biggest oil producers are running out of room to store crude — and running out of time to resume exports before they are forced to cut production entirely.

Iraq became the first major exporter to begin winding down output this week, reducing production at three of its largest oilfields as the Strait of Hormuz remains effectively closed to commercial tanker traffic. The shutdowns mark a dramatic escalation in the economic fallout from the Iran conflict, shifting the crisis from financial markets into the physical infrastructure of global energy supply.“

https://europeanbusinessmagazine.com/business/iraq-is-already-shutting-oilfields-kuwait-is-next-heres-the-gulf-storage-crisis-explained/

But it’s not just the oil supply.

The US uses “Hi-Tech Weapons” they are very expensive and slow to produce for a whole bunch of reasons.

Iran is attacking with drones that cost maybe $30k each, to shoot them down the US and their allies in the Middle East are burning through Hi-Tech weapons that cost close to 30 times as much in the hundreds / hour and they can only be made in very low quantities that is in some cases down below 10/day and that rate cannot be ramped up easily.

But ask what else a $30k drone can do? And the answer comes back that air defence system radars that are very very few and are $billon infrastructure can and have been taken out.

So from the foundation economics and supply level the US is loosing the Iran war rather rapidly and it’s not sustainable for them or their allies.

The fact that Iran are going after “anti-balistic missle defence systems” may be a portent for what they are planning next.

The US Executive have claimed they want to stop Iran,

1, Getting Nukes.
2, Getting delivery systems.

As these are generally very expensive multi million dollar weapons what strategy would you use to make them more likely to succeed?

How different does it look to Iran’s current strategy?

But also attacking “oil supply” we already know what is going to happen so Iran does as well…

The US Executive have not thought their support for the “Keep Netanyahu out of jail” play…

Which really makes me think that Anthropic were right and the US Executive are using AI in the Depatment of War… To plan things by asking the wrong questions and not checking the hallucinations / soft bullshit they are getting fed back.

But keep your eyes open, if Iran start attacking the “water supply” in US allies the the Middle East will be “three cups of water” from Kingdoms being removed by the people in most undemocratic ways.

In the past I’ve talked here about “Energy Wars” being the new “Water Wars” that thousands of years history tells us can bring not just Countries but Empires down very very quickly.

A $30k drone can take a desalination plant off line for not just days but weeks if not effectively permanently. For some they are way more than “critical infrastructure” they are “existential infrastructure” that does not get anywhere near sufficiently defended…

So just a few things to ponder on…

Clive Robinson • March 5, 2026 3:16 PM

Yes 404 Media uses a form of “paywall”

And as I’ve said before, articles from any source people find “of note” get copied to some form of archive for later availability.

Whilst actually legal to archive for certain reasons, research being one, some find this questionable behaviour, which is perhaps understandable if your survival depends on subscriptions and the like (let us not get into the over priced “Journals” debate).

Finding such archived material is usually not difficult, and in fact it could be said if it’s not archived it’s probably not worth reading).

One way is to take the article title and put it in a search engine like DuckDuckGo.

You might not directly find the archive, but you may well find an article with a reference that links to an archived copy.

Which in this case gave up,

https://archive.ph/N3BZV

For a lot less than 5mins of time effort.

Clive Robinson • March 5, 2026 8:25 PM

@ lurker,

With regards,

“The US has asked Ukraine for help defending Gulf allies against Iranian drones“

As I’ve mentioned in the past couple of days the US is actually loosing this war they and Israel have started…

As can be clearly seen drones that cost $30k or less are getting through past defence weapons costing 30 times as much. But more importantly as the Ukrainian war has shown you can make upto a half million or so drones a year that’s more than 2.5k every day… OK most are not capable of specialised roles like long distance flight or intercept activities but there is the “mother-ship principle” to consider… Much like that of multiple warhead missiles one long range drone carries in many short range drones. Worse on detection systems very inexpensive drones can look like the expensive drones so as a defender you have to go after them all.

Now compare that with those US high tech weapons that are rolling out at probably less than one a day at the moment and the inventory the US and it’s allies have is now virtually “shot through”…

What happens when they are gone for the allies?

The US are already loosing $billion+ missile defence radar systems for THAAD etc it’s clear that Iran has been planning it’s response to attack by the US for years and has done it’s homework, even down to planing around “decapitation strikes”.

But US allies in the region have issues. If Iran take out $billion+ sites that are defended by numerous systems what of “water plant” like desalination plants?

Many of the US allies in the region are just three drinks away from going dry and dying of thirst is not a nice way to go, especially when civil war would be a more appealing fate to remove unpopular “Kings”.

But the US appears to have not considered the issue of a “decapitation strike” that was planed for… A plan that gives devolved control to many commanders can not be ordered to stop if the recognised leader is gone. Some might stop others might not, in theory there can now nolonger be a “surrender” given.

So the US Executive has a problem of it’s own making, so it’s asking to be bailed out by those who have experience fighting against drones… I can tell you that the US like Russia is not going to like the answers to those questions…

Russia went in on stupidity and pays every day for it…

Tell me how wise was the US Executive knowing that Iran makes large quantities of long range drones and knows how to use them, and then going in blindly? With US military commanders armed with “bible quotes”, “conservative attitudes”, and idiot evangelism more than a three quarters of a century old having been given primacy in the US Military by “Good old Pete, where’s my Signal group phone”?

Time will tell but it’s clear Iran has planed thoughtfully, the US Executive “not so much” if at all. After all “Good Old Pete” thinks AI gives good ideas…

The thing is it may be a matter of just a few days before the outcome of this war is decided as various tipping points are crossed.

As has been dryly noted “Magazine Depth is not just a matter of logistics”.

Clive Robinson • March 6, 2026 11:01 AM

@ Bruce, ALL,

Corporate BS love is indicator of a useless employee

I must admit that I’d not thought about it in quite this way… But yes my experience is that it’s probably true,

Workers who love ‘synergizing paradigms’ might be bad at their jobs

“Published in the journal Personality and Individual Differences, research by cognitive psychologist Shane Littrell introduces the Corporate Bullshit Receptivity Scale (CBSR), a tool designed to measure susceptibility to impressive-but-empty organizational rhetoric.

‘Corporate bullshit is a specific style of communication that uses confusing, abstract buzzwords in a functionally misleading way,’ said Littrell, a postdoctoral researcher in the College of Arts and Sciences. ‘Unlike technical jargon, which can sometimes make office communication a little easier, corporate bullshit confuses rather than clarifies. It may sound impressive, but it is semantically empty.’“

https://news.cornell.edu/stories/2026/03/workers-who-love-synergizing-paradigms-might-be-bad-their-jobs

In some ways it’s actually quite funny, in others deeply sad.

The article concludes that,

‘Most of us, in the right situation, can get taken in by language that sounds sophisticated but isn’t,” Littrell said. “That’s why, whether you’re an employee or a consumer, it’s worth slowing down when you run into organizational messaging of any kind – leaders’ statements, public reports, ads – and ask yourself, ‘What, exactly, is the claim? Does it actually make sense?’ Because when a message leans heavily on buzzwords and jargon, it’s often a red flag that you’re being steered by rhetoric instead of reality.‘

Clive Robinson • March 6, 2026 3:47 PM

@ Winter, lurker,

From the second link article we see,

“Our results also suggest that a bias toward accepting statements as true may be an important component of pseudo-profound bullshit receptivity.“

I wonder how it relates to “over trusting” and “gullibility” in individuals which is a form of “child like” behaviour necessary in the early part of a childs development thus survival in less safe natural environments?

And if so… how this relates to certain other things in later life like falling in with cults and the like?