Recent Comments


Note: new comments may take a few minutes to appear on this page.

October 19, 2021 12:38 AM

JonKnowsNothing on Friday Squid Blogging: New Giant Squid Video :

@All

MSM report that a school district in the UK has been using FaceID to tag students in the lunch line.

It appears that the schools have used other methods to ID which kids have paid and which kids have not paid for their lunches.

The sales pitch is that school lunch breaks are short and standing in line takes up a good part of the lunch period with 25 minutes used to drop-flop-mop the food on the plates...

October 19, 2021 12:04 AM

SpaceLifeForm on Friday Squid Blogging: Strawberry Squid :

@ FA, Freezing_in_Brazil, Clive

I seriously doubt that it disappeared due to Alice and Bob.

There were other keywords involved.

October 18, 2021 11:28 PM

Weather on Friday Squid Blogging: New Giant Squid Video :

@name.with ,all

Psychosis is a strange illness; it heightens your senses so you notice a bird in a tree, or someone walking on the other side of the street in gum boots. You might know someone is about to walk around the corner because of the type of bird that chirped. You have to process everything; normally they prescribe anti-depression meds as the brain perceives it as torture.
Saying that, it is hard to tell online whether the guy was paranoid or it happened, and as I’m not going to visit the country there’s no point helping...

October 18, 2021 11:21 PM

SpaceLifeForm on The Missouri Governor Doesn’t Understand Responsible Disclosure :

hxtps://www.kmov.com/news/missouri-governor-urged-to-appoint-cybersecurity-panel/article_0a176a1d-8ff1-5190-a5ea-2d37def8b412.html?block_id=1057681

Three months after creation of a commission to identify cybersecurity risks in state government, Missouri Gov. Mike Parson has yet to appoint any members. A state lawmaker said Friday that vulnerabilities exposed on a state website prove the need for just such a panel of experts...

October 18, 2021 10:06 PM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

Fastest admission of a Ransomware Attack that I’ve ever seen.

hxtps://www.sec.gov/Archives/edgar/data/912752/000119312521300540/d245680dex991.htm

Baltimore, MD (October 18, 2021) – Sinclair Broadcast Group, Inc. (Nasdaq: SBGI) today provided information on a recent cybersecurity incident.

On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted. Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review...

October 18, 2021 8:48 PM

echo on Friday Squid Blogging: New Giant Squid Video :

https://www.politico.eu/article/uk-echr-strasbourg-human-rights-raab-supreme-court/

U.K. Justice Secretary Dominic Raab on Sunday said an upcoming overhaul of the U.K.’s Human Rights Act would include a “mechanism” to “correct” rulings by the European Court of Human Rights.

Worrying. I’ve also read that Raab is working on creating a mechanism so the government can create ad-hoc legislation to “correct” judgments they “believe” are incorrect...

October 18, 2021 7:23 PM

Clive Robinson on Friday Squid Blogging: New Giant Squid Video :

@ name.withheld…, ALL,

… a secondary board on his cellular telephone had a modified keyboard PCB populated with an Actel FPGA and associated transceiver hardware.

Curious?

Any idea what cellular telephone it was?

As modern Smartphones generally do not have keyboards, but… a lot of phones out of the Far East that have “removable batteries” do.

October 18, 2021 7:09 PM

Clive Robinson on Friday Squid Blogging: New Giant Squid Video :

@ SpaceLifeForm,

Have you read the second paper?

“AMD Prefetch Attacks through Power and Time”

https://publications.cispa.saarland/3507/1/amd_prefetch_sec22.pdf

You will find that “your favourite itch”, Amazon’s EC2 Cloud, gets mentioned as being vulnerable.

The thing about these types of attack is people say “they have not been seen in the wild”… But they neglect to mention that spotting them is something that, whilst not impossible, is not really going to be possible for by far the majority, except by well-down-the-road “knock-on” effects...

October 18, 2021 6:46 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: New Giant Squid Video :

18 Oct 2021 — Is it me or is it Moi?

During a Chaos Computer Club presentation on 30 Dec 2019, Andy Müller-Maguhn gave a presentation about the circumstances and issues concerning his work at Der Spiegel and various projects with Wikileaks. Andy’s experience is that of a person of interest within the context of a CIA covert program/operation (potential black bag issue).

Andy details a series of increasingly intrusive incursions in his life and the subversion of various technical domains. From initial tailing and observations, to physical break-ins, lock tampering and replacement, hotel maid intrusions and some interesting phone system hardware-based wiretapping. His evidence, a secondary board on his cellular telephone had a modified keyboard PCB populated with an Actel FPGA and associated transceiver hardware. It appears that the transceiver can be triggered remotely, there is 16 GBytes of local storage and an interface that attaches to the audio header. The mod is more than a hack, it is a hardware substitute for something like the software version of a key logger and audio tap with storage. Not impressive, but not amateur either...

October 18, 2021 6:44 PM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

Silicon Turtles

Whether your desktop PC is Intel or AMD, if you are thinking security, I recommend that you disable SMT and just deal with the performance impact.

Just pretend you are using a 486DX2 with 64MB ram and be grateful that it is not swapping your hard drive to death.

October 18, 2021 5:01 PM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

Silicon Turtles

hxtps://therecord.media/academics-find-meltdown-like-attacks-on-amd-cpus-previously-thought-to-be-unaffected/amp/

Yesterday, AMD confirmed this second attack as well and said that just like the issue disclosed in August, all AMD CPUs are vulnerable.

[Peeks at what was a brand new, now over year old Ryzen box that I have never connected power to, never booted. Am I paranoid or what?]...

October 18, 2021 4:36 PM

Clive Robinson on The Missouri Governor Doesn’t Understand Responsible Disclosure :

@ SpaceLifeForm,

The list is printed on the Missouri State Tax form instructions. Available online.

I wonder what else is online in Missouri…

One thing I’m sure is not, is the “OFF Switch” for the orifice “Below the Parson’s Nose”…

October 18, 2021 4:29 PM

SpaceLifeForm on The Missouri Governor Doesn’t Understand Responsible Disclosure :

Who knew one can decode the HTML source code?

So, any employee of any K-12 School District in Missouri should assume that their SSN has been exposed.

I believe most readers here understand that just the combination of Name and SSN is potentially problematic.

A bit more effort, and Address found.

And, bang! Credit Fraud.

So, who jumps first?

Is the State of Missouri going to wake up?

Or, will there be a lawsuit?...

October 18, 2021 3:51 PM

SpaceLifeForm on The Missouri Governor Doesn’t Understand Responsible Disclosure :

Who knew one can decode the HTML source code?

I am curious as to why this Missouri website actually exists. I did not know it existed and have never visited it.

Apparently, it was or is searchable via multiple formbox methods.

One of those was or is via School District.

And, via that query, all of the results would be there, in the HTML. At once, all of the employees of that District.

So, the entire site was easily scrapable...
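
The comments above turn on one practical point: whatever the server puts into the HTML is readable by anyone who views the source, whether or not the browser renders it. As an added example (my code, not anything from the page or from the Missouri site), here is a scanner that reports SSN-shaped values in an HTML response and says where in the source each one sat. The sample page and its SSN-like values are constructed for the example and are not real data.

```python
"""Added example, not from the page or the Missouri site: a scanner that
reports SSN-shaped values present in an HTML response, split by where they
sit in the source (visible text, attribute value, <script> body or comment).
The sample page and the SSN-like values below are constructed for the
example and are not real data.
"""
import re
from html.parser import HTMLParser

# Classic AAA-GG-SSSS shape, excluding area numbers never issued
# (000, 666, 9xx), group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


class SourceScanner(HTMLParser):
    """Collect (location, value) pairs for every SSN-pattern match in
    visible text, attribute values, <script> bodies and HTML comments."""

    def __init__(self):
        super().__init__()
        self.hits = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:                 # e.g. hidden inputs, data-*
            for m in SSN_RE.finditer(value or ""):
                self.hits.append((f"attribute {tag}[{name}]", m.group()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):                  # text nodes and script bodies
        location = "script" if self._in_script else "text"
        for m in SSN_RE.finditer(data):
            self.hits.append((location, m.group()))

    def handle_comment(self, data):               # <!-- ... --> is never rendered
        for m in SSN_RE.finditer(data):
            self.hits.append(("comment", m.group()))


def scan_html(source):
    """Return the list of (location, value) hits for one HTML document."""
    parser = SourceScanner()
    parser.feed(source)
    parser.close()
    return parser.hits


def hidden_hits(source):
    """Hits that a user looking at the rendered page would never see."""
    return [h for h in scan_html(source) if h[0] != "text"]


# Constructed sample: a search-results page that renders only names, but
# carries the identifiers in a comment, a hidden form field and a script.
SAMPLE_PAGE = """<html><body>
<h2>Staff search results (constructed sample)</h2>
<table>
<tr><td>Doe, Jane</td><td>Elementary</td><td>Certified</td></tr>
<tr><td>Roe, Richard</td><td>Middle School</td><td>Certified</td></tr>
</table>
<!-- debug: roe ssn 123-45-6789 -->
<form><input type="hidden" name="ssn_doe" value="234-56-7890"></form>
<script>var records = [{name: "Doe, Jane", ssn: "234-56-7890"}];</script>
</body></html>"""

if __name__ == "__main__":
    for location, value in scan_html(SAMPLE_PAGE):
        print(f"{location:<28} {value}")
```

Run against the constructed page, every hit comes from a comment, a hidden input or a script block and none from visible text, which is exactly the situation the comments describe. The same scanner pointed at your own application's responses (saved HTML, not live scraping of someone else's site) is a cheap check that a search or export endpoint is not shipping more than the template displays.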

October 18, 2021 3:01 PM

FA on Friday Squid Blogging: Strawberry Squid :

@Freezing_in_Brazil

Perfect. Your post says it all.

Not sure how to understand this…

It could mean that you agree with what I wrote, or the ‘perfect’ could be meant sarcastically and you consider me a perfect racist moron…

Fact is that my post was deleted. Probably by someone who didn’t understand the reference to ‘Alice and Bob’ – the link that @Clive posted.

...

October 18, 2021 12:17 PM

NombreNoImportane’ on The Missouri Governor Doesn’t Understand Responsible Disclosure :

Seems pretty obvious that the Gov in this case is a full blown Authoritarian. And is getting bent out of shape on this because he see’s this as a political attack on Trust, instead of what it really is, as the Krebs article lays out.

October 18, 2021 10:57 AM

Freezing_in_Brazil on Friday Squid Blogging: Strawberry Squid :

@ MarkH

I was under the impression that a single, independent event could, as you say, play the approximate role of radioactive decay. The jitter, I think, could be converted to bits, like alpha decay bits. By combining the various types of waves generated in an earthquake one could have an abundant and fast source of entropy.

There may be a flaw in my reasoning, but I’m having a hard time seeing it...

October 18, 2021 10:40 AM

Clive Robinson on Friday Squid Blogging: New Giant Squid Video :

@ SpaceLifeForm,

With regards,

“revil ransomware shuts down again after tor sites were hijacked”

Looks like someone’s “Root of Trust” has gone “Walkabout”…

Speaking of which apparently their glorious leader “Unknown” has also gone “Walkabout”.

The dots might be very close, and not far from a nice little room, with spartan furnishings and no view to speak of. In fact SAM or equivalent might be to blame...

October 18, 2021 10:28 AM

Denton Scratch on Security Risks of Client-Side Scanning :

It’s always great when Ross writes something.

Sure is! Clayton is good too. But LightBlueTouchpaper is not on my regular reading list, because they don’t post very often. So thanks for the tip-off.

October 18, 2021 10:15 AM

Impossibly Stupid on The Missouri Governor Doesn’t Understand Responsible Disclosure :

One hopes that someone will calm the governor down.

You’re being far too optimistic, Bruce. If there were any “someone” who could do that, they would have stopped Mike Parson before he made a fool out of himself. Either he’s being sabotaged, or it points to greater corruption (e.g., incompetent IT staffing as a result of political favors). We’ll know when heads roll (or don’t).

I don’t expect a state governor to necessarily be a computer expert. I ...

October 18, 2021 10:10 AM

Clive Robinson on The Missouri Governor Doesn’t Understand Responsible Disclosure :

Well the Governor Mike Parson said,

“We will not let this crime against Missouri teachers go unpunished, and refuse to let them be a pawn in the news outlet’s political vendetta,”

I was agreeing with him until “news”.

I think those responsible for the system should be sanctioned for failing both “a public duty” and “a private duty”

As for costing $50million…

Only if Gov Mike Parson can push it that high to benefit him directly or indirectly (he is that type after all)...

October 18, 2021 9:43 AM

sanlewis on The Missouri Governor Doesn’t Understand Responsible Disclosure :

… the governor is a politician and thus a dope by definition; however, politicians play politics and he is primarily doing that here.

State politics demands he deflect blame for his administration’s screwup.

The teacher’s Unions are not happy about the breach of teacher’s personal data — and those unions are a very powerful political force.

Governor needed a scapegoat fast — those evil newspaper reporter-Hackers conveniently fit that immediate political purpose...

October 18, 2021 9:33 AM

Peter A. on Security Risks of Client-Side Scanning :

Let’s rephrase it in 1970’s terms; maybe in this way it hits home (pun intended):

THE GUVMINT:

OK, many people object to all their [analog landline – editor’s note] phone conversations being eavesdropped and all their [paper – ed. note] letters & packages being read & examined by crooks without any warrant & control, effectively treating everybody as violent criminals under suspicion of planning a horrible crime; so let’s put secret agents in everybody’s home instead, make the agents follow you wherever you go, and call the new agency CSS...

October 18, 2021 9:02 AM

Steve on Friday Squid Blogging: New Giant Squid Video :

I’m curious why my post rebutting the putative link between mRNA vaccines and myocarditis has been removed but the original posting making the claim remains.

The link I provided is to a reasonably reliable source (Business Insider) and is sourced itself to Reuters.

October 18, 2021 7:46 AM

Winter on The Missouri Governor Doesn’t Understand Responsible Disclosure :

In addition to not understanding internet security, Mike Parson also does not (want to) understand public health and infectious diseases. There seems to be a general trend of not understanding severe risks in government and attacking messengers.

ht ps://en.wikipedia.org/wiki/Mike_Parson#COVID-19_pandemic
ht tps://www.wsws.org/en/articles/2021/06/28/misso-j28.html

October 18, 2021 7:24 AM

Winter on The Missouri Governor Doesn’t Understand Responsible Disclosure :

A US State governor (R) who does not understand internet security? Is that a question?

I thought the original incident had already shown beyond any doubt that they do not understand even the basics of internet security in the governor’s office.

October 18, 2021 4:17 AM

MarkH on Friday Squid Blogging: Strawberry Squid :

@Freezing_in_Brazil:

I mentioned above the lack of independence among earthquake events.

As I wrote on another thread, I chose 4.5 magnitude as a cutoff in the hopes of minimizing correlated events such as aftershocks … but of course that’s a crude “filter” which fails altogether in some circumstances.

I was just reading about the 2011 Fukushima disaster, and decided to take a look at the USGS files for that year. Keeping in mind my dataset eliminates all quakes weaker than 4.5:...

October 18, 2021 12:08 AM

MarkH on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@FA:

I thought you might enjoy the little guessing-attack formula presented above.

Its derivation is elementary, but has a number of steps which would be difficult to represent given the reality of comments formatting.

If you’re interested, I’ll try to pass it along one way or another.

October 17, 2021 11:40 PM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

Interesting. There are dots.

Approximately 24 hours ago, US FOX broadcast a ticker on top of screen (all paths, broadband, dish, or OTA), informing viewers that later the FOX OTA Broadcast would be down for about 2.5 hours due to maintenance. But just the OTA would be down.

hxtps://therecord.media/sinclair-tv-stations-disrupted-across-the-us-in-apparent-ransomware-attack/

October 17, 2021 6:23 PM

MarkH on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

Amount of Distribution Bias, Pt. 10

I’ve discovered a rather pleasing formula for guessing attack effectiveness.

By way of review, this is an analysis of extracting unpredictable numbers from radioisotope decay with an average of λ detections per second, by recording the low-order bits of a high-frequency counter when each new decay is detected.

I call the time for those low-order bits to wrap around the time modulus, or μ. Note that μλ is the time modulus as a fraction of the average time between detected decays. The smaller that fraction, the less the bias...
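
As an added illustration of the bias discussion above (my own simulation, not MarkH’s derivation; his formula is not reproduced here), the following code models the scheme he describes: a Poisson source with mean rate λ, a free-running counter whose low-order bits wrap every μ seconds, and the counter value recorded at each detection. Time is measured in units of 1/λ, so the only free parameter is μλ. The exact PMF is that of one inter-arrival time folded onto [0, μ) and quantised to counter cells; the simulation records what the free-running counter actually produces and histograms the increment between consecutive samples, which is where an attacker who has seen one sample gains on the next.

```python
"""Added illustration of the bias discussion above. This is my own simulation,
not MarkH's derivation (his formula is not reproduced here).

Model: detections arrive as a Poisson process with mean rate lambda.
A free-running counter with 2**bits states wraps every mu seconds, so one
tick lasts mu / 2**bits seconds, and the counter's low-order bits are
recorded at each detection. Time is measured in units of 1/lambda, so the
only free parameter is mu*lambda, the modulus as a fraction of the mean
time between detections.
"""
import math
import random


def wrapped_exponential_pmf(mu_lambda, bits):
    """Exact PMF of one inter-arrival time reduced modulo mu and quantised to
    2**bits counter cells. Inter-arrival times are Exp(lambda); folding that
    density onto [0, mu) and integrating over each cell of width mu/2**bits
    gives a geometric PMF with ratio r = exp(-mu*lambda / 2**bits)."""
    m = 1 << bits
    r = math.exp(-mu_lambda / m)
    total = (1.0 - r ** m) / (1.0 - r)      # sum of r**k for k = 0..m-1
    return [r ** k / total for k in range(m)]


def simulate_counter_samples(mu_lambda, bits, n, seed=7):
    """Return the n counter values a free-running counter would record."""
    rng = random.Random(seed)
    m = 1 << bits
    tick = mu_lambda / m
    t = 0.0
    samples = []
    for _ in range(n):
        t += rng.expovariate(1.0)            # Exp(lambda) with lambda = 1
        samples.append(int(t / tick) % m)
    return samples


def increment_histogram(samples, bits):
    """Empirical PMF of (next sample - this sample) mod 2**bits.

    Each sample on its own is close to uniform; the predictability sits in
    the increment, because an attacker who has seen one sample can guess the
    next from the wrapped inter-arrival distribution."""
    m = 1 << bits
    counts = [0] * m
    for prev, cur in zip(samples, samples[1:]):
        counts[(cur - prev) % m] += 1
    pairs = len(samples) - 1
    return [c / pairs for c in counts]


def min_entropy_bits(pmf):
    """-log2(max p): the guessing-attack figure of merit for one sample."""
    return -math.log2(max(pmf))


def max_bias(pmf):
    """Largest absolute deviation of any cell from the uniform probability."""
    m = len(pmf)
    return max(abs(p - 1.0 / m) for p in pmf)


if __name__ == "__main__":
    bits = 4
    for mu_lambda in (0.05, 0.5, 4.0):
        exact = wrapped_exponential_pmf(mu_lambda, bits)
        sim = increment_histogram(
            simulate_counter_samples(mu_lambda, bits, 200_000), bits)
        print(f"mu*lambda = {mu_lambda:<4}  exact min-entropy "
              f"{min_entropy_bits(exact):.3f} of {bits} bits, simulated "
              f"{min_entropy_bits(sim):.3f}, max bias {max_bias(sim):.4f}")
```

The exact PMF corresponds to quantising the inter-arrival time directly (a counter reset at each detection); the free-running counter’s increment additionally depends on the unknown phase within one tick, so the simulated figures are close to but not identical with the exact ones. Both go to uniform as μλ shrinks: at μλ = 4 with a 4-bit counter the most likely increment carries roughly a fifth of the probability, at μλ = 0.05 the worst cell is within a few percent of 1/16, which is the “smaller fraction, less bias” statement above made quantitative.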

October 17, 2021 6:13 PM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

@ JonKnowsNothing

Old dots. Global warming and migrating bats.

hxtps://www.pasteur.fr/en/press-area/press-documents/sars-cov-2-related-viruses-capable-infecting-human-cells-discovered-bats-northern-laos

October 17, 2021 5:51 PM

MarkH on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@JohnKnowsNothing, all:

In the context of the TRNG discussion, I’ve seen some recent references to Intel CPUs, “application software running on the computer,” and (God help us) JavaScript.

I picture a TRNG for cryptographic use as an independent system with its own enclosure, shielding, power supply, power isolation, and processor — that processor preferably being a low-power microcontroller, and assuredly not a PC-style CPU...

October 17, 2021 5:44 PM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

@ Smith

Good catch (I saw it too), but there is a subtle point that some may miss.

As ink is not necessary to perform scans or faxes, the argument is that the printer features should continue to work even if there is no ink in the device.

Receiving a FAX.

Remember, your multi function printer scanner copier is a computer.

Leave the paper tray empty or dislodged? Not good enough.

The computer will still receive the FAX...

October 17, 2021 5:36 PM

MarkH on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@Clive, JonKnowsNothing et al:

There’s been a little banter on another squid thread about the wonderful ambiguity of language.

Please note well that “every imaginable electronic TRNG can leak the generated bits …” has a very distinct meaning from “every imaginable electronic TRNG must leak the generated bits …”

An implementation of a TRNG — or any other information processing component processing secret data...

October 17, 2021 2:50 PM

Clive Robinson on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@ SpaceLifeForm,

Don’t you mean backdoored instead of trapdoored?

A deliberate “backdoor” in an encryption algorithm is usually by a “trapdoor” function.

But trapdoors can come into existence by lack of knowledge, which is why some early PubKeys were not as strong as expected.

So “trapdoored” covers the method intended or otherwise, whilst “backdoored” covers a specific intention.

...

October 17, 2021 2:35 PM

Clive Robinson on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@ JonKnowsNothing, ALL,

With regards @MarkH’s comments it’s way way more than a TEMPEST attack, and it would be foolish to think it was just TEMPEST.

Time-based side channels leak information in many ways. Take for example a TRNG on a computer CPU chip; the time-based side channels are available to,

1, Passive EmSec (TEMPEST).
2, Active EmSec (EM etc Fault injection and what some call RADAR illumination)...

October 17, 2021 2:18 PM

SpaceLifeForm on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@ Clive

The crypto algorithm is not trapdoored, or becomes broken in some other way.

Don’t you mean backdoored instead of trapdoored?

A good crypto design uses trapdoor functions, i.e., easy to do, hard for an attacker to undo.

October 17, 2021 2:05 PM

echo on Friday Squid Blogging: New Giant Squid Video :

@Winter

My take on this is that Republicans in the US tend to be older, less educated, more religious, and live in more rural areas than Democrats. These are all factors that tend to reduce “critical” thinking.

If you dig a little deeper you will discover further research which indicates rigid minds are not a monopoly of right wing parties. The issue isn’t necessarily the party but more individual as people’s psychological profile is the key thing. I have no idea if the further research was new or if it piggybacked old material I am aware of which did make this case. But the gist of it is rigid and progressive minds may be found in parties of either side of the spectrum. It’s something I am tired of mentioning as nobody pays any attention to it whatsoever...

October 17, 2021 1:26 PM

Winter on Friday Squid Blogging: New Giant Squid Video :

This is disconcerting news, but not completely unexpected:


Conservatives More Likely to Believe Falsehoods Due to the Leanings of Fake News, Study Finds

ht tps://qsstudy.com/other/conservatives-more-likely-to-believe-falsehoods-due-to-the-leanings-of-fake-news-study-finds

A better study confirms this is a more fundamental problem:...

October 17, 2021 12:08 PM

Common sense Bob on Security Risks of Client-Side Scanning :

I do not understand why anyone considers these insane invasions of privacy even for a second. They are abominations, full stop, and lack fundamental respect for the individual.

Any device with a backdoor goes in the shredder. If that leaves me with no devices at all, so be it. If this is the future of technology I’m opting out fully, wholly and without any regret.

October 17, 2021 11:39 AM

MarkH on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@JonKnowsNothing, all:

• With the exception of military or diplomatic installations operating in hostile countries, it appears that virtually all successful infosec attacks are non-TEMPEST.

• Every imaginable electronic TRNG can leak the generated bits by a variety of side channels.

• As I understand the attack Clive envisions, it requires high-resolution recording of TRNG emissions (or power cables and the like) at the time the secret is generated. It cannot disclose outputs generated before or after the interval of data capture...

October 17, 2021 10:53 AM

Murray on Friday Squid Blogging: New Giant Squid Video :

@SpaceLifeForm,

Corporate sent an email to all employees that was from a slightly obfuscated fake domain with a survey. Some bit.

The employees learned a lesson about phishing.

Weeks later, corporate sent out a legit email to all employees with a survey.

They were surprised that few responded.

I worked at a company that did their official training like that. It’d come from some domain we’d never heard of, the links leading indirectly there via some “click-protection” service. “Why haven’t you done the required training”, my manager asked a couple weeks later. “Shit, that thing’s real?” Yeah, they’ve outsourced the training to some third party, and our email server was already known to be rewriting all links (even internal ones) to go via an external “protection” site...

October 17, 2021 10:31 AM

Clive Robinson on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@ JonKnowsNothing, MarkH, ALL,

Q: Does the failure of RoT BoB lie in the usage of mechanical or oscillators for driving the input/output?

1, The physical source, oscillator, counter, trigger and data out mechanism are all required to get the required data.

2, The oscillator is assumed to be both periodic and, over the period of a few measurements, stable in frequency, thus predictable in time...

October 17, 2021 8:34 AM

Smith on Friday Squid Blogging: New Giant Squid Video :

Canon sued for disabling scanner when printers run out of ink

“Canon USA is being sued for not allowing owners of certain printers to use the scanner or faxing functions if they run out of ink.

David Leacraft, a customer of Canon, filed the class action lawsuit on Tuesday alleging deceptive marketing and unjust enrichment by the printer manufacturer.
Refusing to scan when out of ink

While using his Pixma MG6320 printer from Canon, the plaintiff was surprised to discover that the “all-in-one” machine would refuse to scan or fax documents if the printer ran out of ink...

October 17, 2021 8:22 AM

JonKnowsNothing on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@Clive @MarkH @All

Please correct if I have not grasped the concepts.

  • Q: Does the failure of RoT BoB lie in the usage of mechanical or oscillators for driving the input/output?
  • Q: If you had the same starting inputs and did not use any mechanical systems to drive the outputs (no timing tells) would that have better results?

From the thread it seems that there are 2 sources of failure:

  1. Using any mechanical or other means to collect a base seed (decay rates, number of stars in the sky or sheep in the pen etc). ...

October 17, 2021 7:36 AM

echo on Friday Squid Blogging: New Giant Squid Video :

https://www.telegraph.co.uk/politics/2021/10/16/dominic-raab-sets-plans-overhaul-human-rights-act-reform-judicial/

Dominic Raab: I’ll overhaul the Human Rights Act to stop Strasbourg dictating to us.

Before the UK supreme court was created the House of Lords was the Supreme Court and could overrule decisions made on the authority of parliament. When the Supreme Court was created there was a sleight of hand which placed the Supreme Court in a secondary position to parliament. The current UK government wants to rig the legal system even more in its favour...

October 17, 2021 7:14 AM

Clive Robinson on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@ MarkH, ALL,

Or some combination of the two?

It is actually way broader than that.

It is primarily an attack on “The Root of Trust”(RoT) of most modern information security.

The RoT is an intangible information object used for “Authorization”(AuthZ), “Authentication”(AuthN), and much more as well. Sometimes called a “seed”, “shared-secret”, “master-secret” or in more limited cases a “key”, or less correctly an “Initialisation Vector”(IV), “Number used Once”(nonce), etc...

October 17, 2021 5:32 AM

TheSwede on Comparing Messaging Apps :

I have been using Signal for at least 6 years now. 5 years after this blog post and I have managed to convert almost everyone I have contact with on a weekly basis.

The various breaches and problems on the other messaging apps have helped, of course.

October 17, 2021 5:07 AM

Clive Robinson on Recovering Real Faces from Face-Generation ML System :

@ Matt, ALL,

Whether or not a computer generated actor is an original work with respect to copyright could be a multi-million dollar question.

Which takes us into the domain of “Non Fungible Tokens”(NFTs) which are based on the “blockchain” and all the horrendous issues that brings up.

October 17, 2021 4:26 AM

Clive Robinson on Friday Squid Blogging: New Giant Squid Video :

@ Nick Levinson, Sut Vachz,

The squid wasn’t 2800 feet and Bruce didn’t say it was.

What @Bruce said was,

“New video of a large squid in the Red Sea at about 2,800 feet.”

Which is as ambiguous as the famous,

“At the circus I saw a man eating sandwich”

The sentence @Bruce gives has two –potentially three– objects,

1, Squid
2, Red Sea

And an unspecified attribute of “2,800 feet”

For the meaning of what @Bruce said to become a little clearer an additional word at the very least needs adding at the end of the sentence. Such as,...

October 17, 2021 2:36 AM

Matt on Recovering Real Faces from Face-Generation ML System :

The paper focuses on privacy but I think of equal importance are the implications for intellectual property. Companies will inevitably claim ownership rights to generated faces and such. Whether or not a computer generated actor is an original work with respect to copyright could be a multi-million dollar question.

October 17, 2021 2:02 AM

on Friday Squid Blogging: Strawberry Squid :

@Name:
@SLF:

“Oh don’t be so down on the dogma”

Have you forgotten when dogma chased carma?

The result was not pretty at all as carma, as usual, just went over the top without any feeling… Poor dogma was crushed.

October 16, 2021 10:04 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Strawberry Squid :

@SpaceLifeForm
Oh don’t be so down on the dogma, it’s delightful when you’re at the park throwing a frisbee or ball. Gotta try catma too, it is a bit smaller and not as playful though but you get used to it after a while. Soon you find yourself watching Faux Noise and trying to find out who stole your predilection.

October 16, 2021 7:07 PM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

@ JonKnowsNothing

Reminds me of a corporate phishing training exercise not too long ago.

Corporate sent an email to all employees that was from a slightly obfuscated fake domain with a survey. Some bit.

The employees learned a lesson about phishing.

Weeks later, corporate sent out a legit email to all employees with a survey.

They were surprised that few responded.

October 16, 2021 4:19 PM

SpaceLifeForm on Friday Squid Blogging: Strawberry Squid :

@ Freezing_in_Brazil

Likewise.

Whilst we all do not always see things from the same angle, that is fine. It is the discourse that is important.

This is how one learns. Instead of just accepting dogma.

October 16, 2021 4:02 PM

on Security Risks of Client-Side Scanning :

@SLF:

“Supply chain disruptions.”

O, apparently not, as one came in with a new shipment of Squid…

Sometimes people just have to follow that penny.

October 16, 2021 3:33 PM

Steve on Security Risks of Client-Side Scanning :

Sometimes reading the comments section of this blog I feel like I’ve arrived at a party where everyone else is three or four drinks ahead of me.

Just sayin’.

October 16, 2021 3:11 PM

A Nonny Bunny on Recovering Real Faces from Face-Generation ML System :

@peter

Just a thought: I wonder what would have happened if they trained the algorithm on NatGeo-like photos of people from distant and poor corners of the world, which are, for the popular Western standard, not pretty. The result could be interesting. But maybe the corpus is just too small.

You can train Stylegan-Ada with just a few thousand photos and get pretty good results in a few days of training (on a fairly modest GPU)...

October 16, 2021 2:31 PM

echo on Friday Squid Blogging: New Giant Squid Video :

Note: I am using a new email address as a unique private identifier as I very helpfully deleted my old one by accident.

https://www.davidputtnam.com/viewNews/n/lord-puttnam-retirement-full-speech/

An ‘Elections Bill’ that, contrary to the advice of the Committee for Standards in Public Life, is set on undermining our long established independent ‘Electoral Commission’; a Bill to reform Judicial Review whose principal aim is to reduce the role of the Judiciary; a Police Bill that weakens the right to legal protest; along with a plan to ‘widen the scope of the Official Secrets Act’ with no commitment to add a public interest defence for journalists – even an Education Bill that seeks to reduce traditional academic freedoms in the area of Teacher Training! All of this accompanied by continued mutterings about ‘unelected judges’ in Strasbourg, and ‘reforming’ the UK’s implementation of the European Human Rights Act, potentially forcing us out of the Council of Europe...

October 16, 2021 11:31 AM

Petre Peter on Security Risks of Client-Side Scanning :

This reminds me of communist Romania where the secret police (Securitatea) planted microphones inside the TV sets. This was exposed in the book Red Horizons by Ion Mihai Pacepa. So it seems like the bugs have moved from the living room to our pockets. Great title, great alarm signal. Thank you.

October 16, 2021 10:46 AM

JonKnowsNothing on Friday Squid Blogging: New Giant Squid Video :

@All

A recent MSM report about a mass distributed email from a major corporation to their employees, one of those SENDALLs. The topic was a solicitation for the receiver to “CLICK HERE” to support a corporate position, that is for the most part not in the best interest of the employees.

The “CLICK HERE” would send an affirmation “YES I AGREE” to some committee to use as that ever popular position: “SEE our employees agree with US”...

October 16, 2021 10:41 AM

Freezing_in_Brazil on Friday Squid Blogging: Strawberry Squid :

@ Clive Robinson

“As for learning, this blog has often discussed things many years ahead of when academia and industry do. I once worked out the average time was around eight years… Whilst this might sound impressive, it’s actually a sad reflection on academia and industry.”

Clive, I live among academics [I’m an engineer and a consultant], and I am delighted with the quality of research in English-speaking countries [what you call sad state I can’t help calling excellence]. I like to try to get ahead too. When I discovered this forum years ago it was like a revelation. I don’t know anything similar in Portuguese in the coverage of security affairs. I’m trying to do my little bit to close this gap through my humble blog [among other things]...

October 16, 2021 10:19 AM

Sut Vachz on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@ Winter @ Clive Robinson et @ al

If any interest in delving into mathematical foundational questions, one might want to look at the papers (and a book or two) of the late Edward Nelson, professor of mathematics at Princeton.

https://web.math.princeton.edu/~nelson/papers.html

One might start with the paper “Completed versus Incomplete Infinity in Arithmetic”, where the subject of the title is explored and pushed to the discussion of how much mathematics can be done without complete infinity, and of the connexion of the idea to computational complexity, including the feasibility results of Bellantoni, Cook, and Leivant (!!!)...

October 16, 2021 10:04 AM

Winter on Friday Squid Blogging: New Giant Squid Video :

@SLF
“I remain confident that most ransomware attacks are really a cover story for blackmail payments and/or money laundering.”

We had a university in the Netherlands, Maastricht, which was closed for weeks because they lost access to all their (student) data in a ransomware attack. Just now one of the biggest industrial conglomerates of the Netherlands was closed for weeks for the same reason...

October 16, 2021 9:15 AM

Leon Theremin on Security Risks of Client-Side Scanning :

Bad idea? Tell this to the people who put hardware backdoors into all devices and Remote Neural Monitoring in all radio towers.

October 16, 2021 6:44 AM

Clive Robinson on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

@ MarkH, ALL,

Clive has gifted us with the wonderfully visual metaphor of a roulette wheel. Perhaps a “wheel of fortune” is more appropriate.

Not my name, not sure who chose it, but it’s easy to see the wheel spinning at a near constant rate with a ball running at an approximately constant rate but perturbed by the diamonds.

As I said, unless you are using just a single latch you are using a clocked counter circuit. Depending on which way around you connect them it is either a frequency counter or a period counter...

October 16, 2021 2:48 AM

SpaceLifeForm on Friday Squid Blogging: New Giant Squid Video :

I remain confident that most ransomware attacks are really a cover story for blackmail payments and/or money laundering.

hxtps://therecord.media/treasury-said-it-tied-5-2-billion-in-btc-transactions-to-ransomware-payments/

While the initial SAR reports highlighted $1.56 billion in suspicious activity, a subsequent FinCEN investigation of the Top 10 most common ransomware variants exposed additional transactions, amounting to around $5.2 billion just from these groups alone...

October 16, 2021 2:26 AM

MarkH on Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk :

Review of Modular Extraction

For the few of you who’ve been patiently following this lengthy discussion of radioisotope True Random Number Generators … I’ve been thinking that not everybody is “on the same page” concerning modular decay timing. It occurred to me this evening, that perhaps no two of us are picturing it the same way!

Clive has gifted us with the wonderfully visual metaphor of a roulette wheel. Perhaps a “wheel of fortune” is more appropriate. Imagine that all of markings are whole numbers, in sequence from zero, all distinct; and that the usual indicator is in place so everyone can agree which marking is “selected.”...

October 16, 2021 2:25 AM

Weather on Friday Squid Blogging: New Giant Squid Video :

@all

Can people stop quoting references without saying what they think of it… And yes Wikipedia is as accurate as a blind donkey.

@mod
A bit aggro but people are stepping outside their area.

October 15, 2021 9:45 PM

Nick Levinson on Friday Squid Blogging: New Giant Squid Video :

Software may retain passwords in plain text, so that a search inside an app’s files may reveal passwords that work.

This is because users may err and type a password where a username should be typed because they mentally accidentally skip the username step. The app may legitimately be designed to log usernames and usually those can legitimately be in plaintext. But a user’s error may result in a password being stored as if it is a username. It wouldn’t directly reveal the password’s owner, but, because a login would have failed and likely retried, the owner could be guessed from the chronologically next entry or other adjacent entries...

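The mechanism described in the comment above (a password typed into the username field ends up in a plaintext log, and its owner can be guessed from the next successful login) is worth checking for in your own authentication logs. The following Python is an added example, not code from the comment or from this blog. It assumes a simple space-separated key=value login log format, a directory of known account names, and the constructed sample lines shown inline; none of these come from the original text. It flags password-shaped "usernames" on failed logins, attributes each to the next successful login from the same source address within a short window, and shows a redaction pass to run before such lines are retained or shared.

```python
"""Find passwords that were typed into the username field and logged in plain text.

Added illustration; log format, field names and sample lines are assumed/constructed.
"""
import math
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed log format: one login event per line, space-separated key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) result=(?P<result>ok|fail) src=(?P<src>\S+)$"
)

# Constructed account directory and sample log (not real data).
KNOWN_USERS = {"alice", "bob", "carol"}
SAMPLE_LOG = [
    "2021-10-15T20:10:01Z login user=alice result=ok src=10.0.0.5",
    "2021-10-15T20:11:40Z login user=Tr0ub4dor&3 result=fail src=10.0.0.7",  # password in username field
    "2021-10-15T20:11:52Z login user=bob result=ok src=10.0.0.7",          # same source retries correctly
    "2021-10-15T20:15:00Z login user=mallory result=fail src=10.0.0.9",    # unknown user, but not a secret
    "2021-10-15T20:40:00Z login user=xK9#mq2Lp! result=fail src=10.0.0.11",  # leaked, owner unknown
]


def shannon_entropy(s: str) -> float:
    """Bits per character: roughly 2-3 for a word, above 3 for a mixed-class password."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_secret(token: str, known_users: set) -> bool:
    """Heuristic: not a known account name, and shaped like a password
    (8+ chars, at least three character classes, entropy above 3 bits/char)."""
    if token in known_users:
        return False
    classes = sum([
        any(ch.islower() for ch in token),
        any(ch.isupper() for ch in token),
        any(ch.isdigit() for ch in token),
        any(not ch.isalnum() for ch in token),
    ])
    return len(token) >= 8 and classes >= 3 and shannon_entropy(token) > 3.0


def find_leaked_secrets(lines, known_users, window=timedelta(minutes=2)):
    """Return (line_no, suspected_owner, src) for each failed login whose 'username'
    looks like a password. The owner is the next known user who logs in successfully
    from the same source within `window`, or None if there is no such login."""
    events = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            events.append((no, ts, m["user"], m["result"], m["src"]))
    findings = []
    for i, (no, ts, user, result, src) in enumerate(events):
        if result != "fail" or not looks_like_secret(user, known_users):
            continue
        owner = None
        for _no2, ts2, user2, result2, src2 in events[i + 1:]:
            if ts2 - ts > window:
                break
            if src2 == src and result2 == "ok" and user2 in known_users:
                owner = user2
                break
        findings.append((no, owner, src))
    return findings


def redact(line: str, known_users: set) -> str:
    """Replace a password-shaped 'username' with a marker before the line is stored or shared."""
    m = LINE_RE.match(line.strip())
    if m and looks_like_secret(m["user"], known_users):
        return line.replace(f"user={m['user']}", "user=[REDACTED]", 1)
    return line


if __name__ == "__main__":
    for line_no, owner, src in find_leaked_secrets(SAMPLE_LOG, KNOWN_USERS):
        print(f"line {line_no}: password-shaped username from {src}, likely owner: {owner}")
    print(redact(SAMPLE_LOG[1], KNOWN_USERS))
```

The heuristic is deliberately conservative (a plain unknown word such as a mistyped account name is not flagged), and a password containing whitespace would not even parse under this assumed format; tune the thresholds against your own directory before trusting the output. The more durable fix is the one the comment implies: treat the username field as potentially sensitive and never write failed-login identifiers to a log that is retained in plain text.
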
October 15, 2021 8:55 PM

Anon on FBI Had the REvil Decryption Key :

During WWII Bletchley Park broke the Enigma codes but couldn’t warn allied ships of impending submarine attacks to avoid revealing the code had been broken.

October 15, 2021 8:17 PM

MarkH on The End of In-Flight Wi-Fi? :

@ –:

the outright lunacy of the comment could be seen as a clue

Gosh, I thought it was pretty near our average!

How much would it cost to stop time during the flights?

October 15, 2021 6:25 PM

ech on Security Risks of Client-Side Scanning :

@Bruce

RE:UK Draft Online Safety Law

Part two.

US style “freedom of speech” and low regulation for the business environment causes real problems for Europe and elsewhere as the US can be and has been a breeding ground for content and ideologically driven people causing problems including but not limited to increasing corruption and a rise in hate crimes.

The current UK government has created a “hostile environment” riddled with polarising and inflammatory and stereotyping rhetoric and this has been felt in the US in some quarters with some legislators getting ideas and pushing through harmful and truly terrifying agendas and policies...

October 15, 2021 6:25 PM

ech on Security Risks of Client-Side Scanning :

@Bruce

RE:UK Draft Online Safety Law

Part one.

Duty of care and safeguarding are well established in law as is the real threat from media and social media to provoke and encourage hate crime. The problem is not the law in principle but how it will be used and abused by an out of control and reckless human rights abusing government with a grip on regulators and access to law and other mechanisms for information and redress...
