Recent Comments


Note: new comments may take a few minutes to appear on this page.

October 5, 2022 1:26 AM

dasas on Russia Creates Malware False-Flag App :

This is an awesome article, Given such an extraordinary measure of data in it, These sort of articles keeps the customers excitement for the site, and keep sharing more … favorable circumstances. dpboss

October 5, 2022 12:46 AM

das on Russia Creates Malware False-Flag App :

Great blog. I delighted in perusing your articles. This is really an awesome perused for me. I have bookmarked it and I am anticipating perusing new articles. Keep doing awesome! kalyan matka

October 5, 2022 12:39 AM

actualités on Russia Creates Malware False-Flag App :

You may remark on the request arrangement of the blog. You should visit it’s unbelievable. Your blog review would swell up your guests. I was extremely satisfied to discover this site.I needed to thank you for this incredible read!! india matka

October 4, 2022 10:05 PM

ResearcherZero on NSA Employee Charged with Espionage :

@Bruce

I was personally disappointed to see a number of victims and their families left uniformed and unprotected from the microwave attacks in Australia that took place from around 1985 through to 1992.

It may be easy to excuse as a “psychological problem”, though the incidents that followed involving physical assaults, abduction, shootings, and bombs placed under vehicles by those same Russian spies may be a little harder to explain...

October 4, 2022 9:53 PM

lurker on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@SpaceLifeForm, “How does one insert their digital signature into a .wav or .jpeg?”

jpeg, dunno. But modern audio file formats[1] have a header with specified fields for, eg. sample rate, byte count/file length, CRC, and much, much more. If there wasn’t already enough uniquely identifying metadata there, it should be easy[2] to add a field for the author’s signature. Which opens up a line of business in modifying files and signatures …...

October 4, 2022 9:33 PM

ResearcherZero on NSA Employee Charged with Espionage :

@Bruce

And, almost ten years after Snowden, do we still have this much trouble vetting people before giving them security clearances?

As we still have identified foreign spies from the 1980’s free to recruit assets, and know that most of their assets are still happily working in government departments, this would be a certainty.

If you ignore it long enough – eventually it will go away.

The two Russian spies responsible for targeted harassment in the 1980’s in Australia, were repeatedly set free after being caught, charged and found guilty. Immediately set free, although a long list of victims were identified as being still at risk...

October 4, 2022 7:52 PM

SpaceLifeForm on Friday Squid Blogging: Breeding the Oval Squid :

@ JonKnowsNothing, Clive, ALL

As the Insanity continues

Bond. James Bond.

Did your license plate update today?

‘https://nitter.net/DougDeMuro/status/1576981788672421888#m

October 4, 2022 6:36 PM

SpaceLifeForm on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@ Winter, Gert-Jan, fib, Clive, ALL

re: Digitally Created Artifacts

The solution is that a [insert potentially digitally created artifact here] is not acceptable as evidence without a witness that can be questioned about its truth.

Something about Digital Signatures comes to mind. For, a Digital Signature is actually a Digitally Created Artifact.

It is difficult enough to sign plaintext, but how can one reliably sign an audio recording or a graphic using PKI? How does one insert their digital signature into a .wav or .jpeg? It should not be a separate file. Think about it. How can one sign a separate digital signature file? With, of course, yet another signature file. That is turtles...

October 4, 2022 5:33 PM

Ted on NSA Employee Charged with Espionage :

@SpaceLifeForm, Clive,All

Sorry. I meant Dalke not Jalke.

Yes, also, per the affidavit:

This affidavit is intended to show merely that there is sufficient probable cause for the requested warrant and does not set forth all of my knowledge about this matter.

I think there is a detention hearing for Dalke this week.

Your coverage of CIA leaker Joshua Schulte’s trial was great. That was a wild development...

October 4, 2022 5:19 PM

Clive Robinson on Friday Squid Blogging: Breeding the Oval Squid :

@ fib,

Re : Root of all evil not trust.

“Excuse my lack of sophistication and my wasting your time with banalities.”

In security “banalities” have a habit of becoming at the very least, tipping points if not edges of precipices in the dark. Thus they should not be treated as though unimportant, because they are like “Jack Russells” the look inoffensive, untill suddenly you find them hanging off of you with their teeth sunk full in with no intention of easing up...

October 4, 2022 3:34 PM

SpaceLifeForm on NSA Employee Charged with Espionage :

@ Clive, Ted

ProtonMail, EXIF, and yellow dots come to mind.

CryptoCurrency is not as anonymous as some think.

As to the non-clarity in this case, in the main it probably exists so as to not reveal sources and methods.

October 4, 2022 3:06 PM

fib on Friday Squid Blogging: Breeding the Oval Squid :

@Clive

The link you give, just gives me the abstract not the paper so I can not realy say…

I’m sorry for the bad link. I have no alternative one, but it was about using an image as authenticator. It is not necessary as I’ve no doubt you know better than that.

>>You then need some “way to randomize” each and every time the password generater is called with the same “prompt and parameters”…...

October 4, 2022 3:05 PM

Ted on NSA Employee Charged with Espionage :

Was Jalke – having completed a BS, MS, and now going for a Doctorate (according to his resume) – planning to enhance his career trajectory by selling his country’s secrets?

Also, did he not study Reality Winner’s case? Printed documents are trackable. Come on.

Some of the statements Jalke made to the OCE (FBI Online Covert Employee) really have me wondering about his state of mind:

  • “recently learned that my heritage ties back to your country, which is part of why I have come to you as opposed to others.” ...

October 4, 2022 1:59 PM

FA on Friday Squid Blogging: Breeding the Oval Squid :

On last week’s squid thread, @Erika wrote:

One thing I noticed over the years is that a lot of content is provided by just a few contributors, each one of those apparently being driven by his/her own agenda and therefore rather predictable.

I’d agree with that.

To paraphrase a famous line:

There are three of them, and Robinson

which doesn’t mean I’d want to compare Clive to the likes of Percy Alleline,...

October 4, 2022 1:56 PM

Wannabe techguy on NSA Employee Charged with Espionage :

@steve
“How about to Glenn Greenwald and Julian Assange?”

Just askin’.
Are you saying they leaked to the Russians?
Just askin’

October 4, 2022 1:14 PM

Aaron on NSA Employee Charged with Espionage :

I guess it’s a good thing that hundreds of thousands of dollars are spent every year ensuring employees, contractors, etc are staying compliant with DoD 8570

I mean…

I guess it’s a tragic waste of government spending every year ensuring corporations like CompTIA “help” to ensure people are trained to be good system users

Another classic case of, no matter what you do, there will always be somebody who just doesn’t care, doesn’t have the same perspective or is just malevolent...

October 4, 2022 12:50 PM

SeattleSipper on NSA Employee Charged with Espionage :

> Court records show he had nearly $84,000 in debt between student loans and credit cards.

Thus, we have an unanticipated benefit of forgiving student loans. Anyone have any (real) data on what benefits the loan jubilee might bring to organizations like the FBI, NSA, and CIA?

October 4, 2022 11:23 AM

Gert-Jan on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

The solution is that a [insert potentially digitally created artifact here] is not acceptable as evidence without a witness that can be questioned about its truth.

Fixed that for you. And I couldn’t agree more.

The real task … is to convince the public that any video can be manipulated.

I don’t think that will help much.

Everyone knows that people can lie. And more tech savvy people know that bad people create bots that lie. Despite that, every day, a massive amount of people distribute information on social media that they received from an unknown or unreliable source. I’d say the media formats doesn’t matter when it comes to this behavior...

October 4, 2022 11:22 AM

Clive Robinson on NSA Employee Charged with Espionage :

@ ALL,

Oh one other thing…

The “foreign Email Provider” much is made about it being beyond the US…

They don’t get named but the crypto coin exchange does… Why?

As we know from the past various US Federal Agencies have set up or taken control of foreign companies for various reasons.

It might be worth finding out who the Email company is and doing some OSint on them…

...

October 4, 2022 11:16 AM

Clive Robinson on NSA Employee Charged with Espionage :

@ ALL,

What concerns me is the four documents…

Aside from one, we know nothing about the content, or who wrote them.

If he was employed as indicated then they may well have been documents he wrote, and printed out and few if no others had access to.

The fact the FBI person skates around various things in the affidavit would to most appear suspicious, however it’s the sort of junk they write all the time, written full of irrelevances to convey suspicion etc…...

October 4, 2022 11:01 AM

Quantry on NSA Employee Charged with Espionage :

“It’s not clear how much of this was the employee’s idea, and whether he was goaded by the FBI agent.”

Need I tell you what the odds are under these untouchable facsist / Staatssi “ministries” of security? Such “heros” MUST climb the ladder.

‘https://cfe.ryerson.ca/blog/2021/08/consultation-racket-report-national-islamophobia-summit

‘https://rabble.ca/columnists/enduring-canadas-surveillance-regime/...

October 4, 2022 10:44 AM

Steve on NSA Employee Charged with Espionage :

@bruce:

Still, hooray for not leaking NSA secrets to the Russians.

How about to Glenn Greenwald and Julian Assange?

Just askin’.

October 4, 2022 10:39 AM

tim on NSA Employee Charged with Espionage :

I’m curious if the debt issue came up during the clearance check or if they just checked credit ratings. Such large amount of debt should of triggered a red flag to investigate. Then again – due to the US idiotic college loan system – a high percentage of college applicants would have similar debt issues.

(banks won’t generally hire people with low credit ratings in privileged positions)

...

October 4, 2022 10:16 AM

Daniel Speyer on NSA Employee Charged with Espionage :

And, almost ten years after Snowden, do we still have this much trouble vetting people before giving them security clearances?

They probably adjusted the vetting process to exclude people with consciences. Which is now working out about as well as you’d expect.

October 4, 2022 10:10 AM

RealFakeNews on NSA Employee Charged with Espionage :

Simple solution: write off debts of those employed in these positions. Remove the need to make quick cash.

Wait… that doesn’t work as many are not motivated by finances but ideology.

This one stinks of a stitch-up by the Feds.

October 4, 2022 9:48 AM

GI JOE on NSA Employee Charged with Espionage :

when we predispose an entire generation of Clandestine Service staff to foreign influence leverage, by recommending to every schoolchild they take on massive amounts of debt to finance what often turns out to be a less than useful education, what do we exactly expect to happen….?

October 4, 2022 8:22 AM

Peter A. on NSA Employee Charged with Espionage :

On the surface of it, there’s no issue that this guy only worked for less than a month, as long as the purported family issue was true and unexpected. The agency didn’t want to sponsor leave of absence, bad news for the employee, shit happens in life. Also the person’s credentials seem ok: military service, security clearance from the military (a HR short cut compared to a candidate not having clearance already), relevant university grade etc. Something in the vetting for TS clearance might have gone wrong, however...

October 4, 2022 7:58 AM

Winter on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@FA

They are not even using linear prediction.

It looks a lot like they use the all-pole model of Markel&Gray 1976 [1]. There are good implementations of that based on white error signals, and all kinds of robust variants. There is a decent size library filled with books and publications about LPC in speech, and the tube model for synthesis.

[1] J. D. Markel and A. H. Gray, Linear Prediction of Speech, New York:Springer-Verlag Berlin Heidelberg, 1976...

October 4, 2022 7:50 AM

wiredog on NSA Employee Charged with Espionage :

The problem with vetting in the post Snowden era is that he didn’t raise any red flags. He saw himself as a patriot who was doing the right thing. You can’t really screen for that.

It’s really messed up the whole clearance process.

October 4, 2022 7:36 AM

JonKnowsNothing on NSA Employee Charged with Espionage :

In theory, in the USA, we have Innocent Until…

In practice, it doesn’t work quite as well as it looks on paper.

There are lots of documented cases of what is termed: entrapment. This one smells badly. No one gets to that point of employment without full vetting.

It’s no surprise that folks are underwater with educational debt generated by Betsy DeVos and her chums. This are educational loans based on Federal Student Loan Guarantees designed for use by bogus For Profit Schools, that come with No Bankruptcy relief options. Besides tuition debt, people still need housing and food while studying. $84K is a droplet...

October 4, 2022 7:02 AM

Winter on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@Gert-Jan

This is a race the “detection industry” can’t win.

This is going the same way as photographs vs photoshop. It is true that you can create any scene pixel by pixel. But a manipulated photo will always contain traces of being not written by light. On the other hand, we will not always be able to detect them.

The solution is that a photograph or photocopy is not acceptable as evidence without a witness that can be questioned about its truth...

October 4, 2022 6:56 AM

FA on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@Winter

The Linear Predictive Coding (LPC) technique they use

They are not even using linear prediction. Believing that closed-form solutions to find reflection coefficients don’t exist (really !), they use a gradient descent search method instead.

October 4, 2022 6:41 AM

JonKnowsNothing on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@ SpaceLifeForm

re: Did your doppelganger have anything interesting to say? Or was it just you hearing yourself via delayed VOIP echo?

On the second call, I said nothing. I picked up the handset and held it at a distance. I did not put it to my ear. (1) Since I said nothing, it wasn’t a VOIP echo.

Once the other side detected “call pick up” signal, and did not “hear” a normal “hello?” from my end, they played back the exact phrase I had used previously...

October 4, 2022 6:08 AM

Gert-Jan on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

And the arms race will continue

This is a race the “detection industry” can’t win. At best, each new technique can reveal past fakes. At some point all avenues for fraud detection will have been exhausted.

And even now, I bet you that if you degrade the fake enough (“it was recorded when the person was taking a shower” / “It was very windy outside”), this new detection may already fail.

...

October 4, 2022 5:38 AM

Winter on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@FA

This and other errors mean that the vocal tract shape they calculate could be quite different from the actual one.

The theory is rock solid. Linear Predictive Coding originated in the earth science for analysing earthquake signals.

However, the authors seem to have only a limited understanding of the linguistics or models they use.

October 4, 2022 5:33 AM

Winter on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

I am not entirely convinced. There are biannually contests to design untraceable voice conversions and anti-spoof/deef-fake detectors. Until this algorithm participates successfully, I postpone my judgment.

Automatic Speaker Verification, Spoofing and Countermeasures Challenge
‘https://www.asvspoof.org/
(the article uses the 2019 data set, the latest is the 2021 set)

Voice Conversion Challenge
‘http://vc-challenge.org/...

October 4, 2022 4:37 AM

FA on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@Ted

Regarding your thoughts on the reflection coefficient (rk) I’m not sure I understand how you arrive at this?

Reflection coefficients arise in the theory of transmission lines, which could be electrical (e.g. coax cable) or acoustical (tubes),…

The theory is the same in all cases. @Clive could tell you all about the electrical or wave guide form.

They define how waves propagate in a transmission line, and have nothing to do with the net flow of the medium (electrons or air). Each transmission line has an impedance which basically defines the way the two physical quantities that make up a travelling wave relate to each other. In the electrical case those would be voltage and current, in acoustics pressure and particle velocity. [1]...

October 4, 2022 4:04 AM

SpaceLifeForm on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@ Ted

Ventriloquism

I’m not sure what the ‘who’ and ‘has’ test shows. They are very easy to say without moving your lips. Well, in English.

Go thru the alphabet, and phonetically say each letter. You will find that saying B, F, M, P, V, and W will be difficult without lip movement.

Short example:

‘https://www.youtube.com/watch?v=40jCjWXCgt0

Longer example:

‘https://www.youtube.com/watch?v=w_qlkRcyCAU...

October 4, 2022 2:26 AM

SpaceLifeForm on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@ JonKnowsNothing

Did your doppelganger have anything interesting to say?

Or was it just you hearing yourself via delayed VOIP echo?

‘https://www.justia.com/50-state-surveys/recording-phone-calls-and-conversations/

October 4, 2022 1:57 AM

Clive Robinson on Friday Squid Blogging: Breeding the Oval Squid :

@ lurker, ALL,

Re: Hacking Hypervisors

“One question, what took so long? It’s been 16 years since the papers were published.”

Actually longer, I started looking into the use of hardware hypervisors for security back last century, when the choice of CPU architectures was wider (remember PowerPC, Spark, etc).

But remember the oft unstated principle behind that of the “principle of the low hanging fruit” basically says,...

October 4, 2022 1:15 AM

Clive Robinson on Friday Squid Blogging: Breeding the Oval Squid :

@

Re : What is to come this respiritory disease season.

Your statment of,

“MSM reports: New coronavirus subvariant BA.2.75.2 tops concerns as officials gear up for potential winter wave.”

Came as a bit of a surprise, because I must admit, I’ve kind of taken my eye off of the ball (C19 fatigue?). Which is why reading,

https://www.forbes.com/sites/williamhaseltine/2022/09/30/covid-virus-accelerates-with-each-new-variant/...

October 4, 2022 12:42 AM

Weather on Friday Squid Blogging: Breeding the Oval Squid :

@clive ,you should probably ask pset from nz, any way there was no cipher in those highly thought out thingys.
I’m asking who is behind the recent shit, Iran,Russia, China, North Korea (nz could wipe out) have all passed, some one or group is pissing in a pond, sort it out.

October 3, 2022 11:31 PM

lurker on Friday Squid Blogging: Breeding the Oval Squid :

re: Hacking Hypervisors

One question, what took so long? It’s been 16 years since the papers were published. Must be that there’s less value in pwning an entire VM than having keyloggers on 10^n desktops from simply cracking a bit of shonky js on the webserver.

October 3, 2022 11:24 PM

Ted on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@SpaceLifeForm, Clive, All

Yippee-Ki-Yay. We had a box set of Die Hard VHS tapes growing up.

Good question about copyright Clive. I keep seeing that someone made some very convincing Tom Cruise deepfake videos. And I wondered very much the same thing. Did they get approval for that?

October 3, 2022 10:04 PM

Ted on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@FA

The phoneme analysis is pretty cool. Tell me, could you resist doing the reader participation?

… we invite the reader to speak out loud the words “who” (phonetically spelled “/hu/”) and “has” (phonetically spelled “/hæz/”) while paying close attention to how the mouth is positioned during the pronunciation of each vowel phoneme

Regarding your thoughts on the reflection coefficient (r...

October 3, 2022 9:58 PM

Justin Harvey on Blockchain and Trust :

Blockchain increases trust, security, transparency, and the traceability of data shared across a business network — and delivers cost savings with new efficiencies. The setup is tested over and over again. That is what author is trying to conclude.

October 3, 2022 8:46 PM

JonKnowsNothing on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@ SpaceLifeForm, @All

re: Your voice is your password.

RL tl;dr

The number of spam ID calls I get has been dropping due to some legal changes at the FCC. Normally, IF I answer, I say nothing and wait. If there isn’t anyone on the other end, I press ** or 99 (9 or * used to get you an outside dial tone from local PBX or transfer signal to a FAX) and hang up.

Recently, I’ve had to answer more of these No-ID calls, because I am waiting for specific phone calls that do not use Standard Caller ID. I cannot tell if the incoming call is Live or Memorex...

October 3, 2022 6:17 PM

Clive Robinson on Friday Squid Blogging: Breeding the Oval Squid :

@fib, SpaceLifeForm, All,

Re: Stable Diffusion

“I’m under the impression [could be wrong] that latent diffusion models are able to generate strong passwords in an image-as-password setting[0], since they seems to have a lot of entropy and cannot be reproduced even with the same prompt and parameters”

The link you give, just gives me the abstract not the paper so I can not realy say…

But… To generate a strong “root of trust” such as a “strong password” needs a high degree of entropy...

October 3, 2022 6:00 PM

Clive Robinson on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@ SpaceLifeForm, Ted, ALL,

Re : Deepcake is badfake

I saw one of the duplicates of the original story, before the denials and thought yup this has been going om a while (since 2016 if my memory serves correctly). As it’s not realy a secret that some stars have sold their “afterlife image” and that it has brought up a curious legal question.

Normally the copyright on an individuals “work” is good for XX years after their death. But the law is not clear as to who owns the copyright on a new work after someone has died…...

October 3, 2022 4:51 PM

SpaceLifeForm on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

Your voice is your password.

Do not freely hand it out.

Stick to text as much as possible.

Do not setup Voicemail. Do not leave messages on someone elses Voicemail. Avoid calling a companies tech support.

This call will be recorded for quality assurance purposes.

October 3, 2022 3:20 PM

FA on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

Reading the paper leaves me with contradictory impressions.

First, the authors have had one very good idea, which is to base their detection method on analysing transitions between phonemes rather than individual ones. Most voice synthesis systems cross-fade between phonemes rather than rendering the correct transition. That means that at the halfway point you get a superposition of two phonemes which could very well be impossible to be produced by a real vocal tract which is limited to what the muscles shaping it can do. Strangely enough this can still sound quite natural, but it clearly identifies a fake if detected...

October 3, 2022 1:21 PM

fib on Friday Squid Blogging: Breeding the Oval Squid :

@SpaceLifeForm, Clive Robinson, All

Re: Stable Diffusion

I’m under the impression [could be wrong] that latent diffusion models are able to generate strong passwords in an image-as-password setting[0], since they seems to have a lot of entropy and cannot be reproduced even with the same prompt and parameters, as said above.

[o]h*tps://link.springer.com/article/10.1007/s41870-020-00477-x

October 3, 2022 10:51 AM

Ted on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

I am still reading through the original postings, but recently saw a tweet from Michael McFaul, former US Ambassador to Russia, that seems relevant to this research.

From Michael McFaul:

WARNING. Someone using the phone number +1 (202) 7549885 is impersonating me. If you connect on a video platform with this number, you will see an AI-generated “deep fake” that looks and talks like me. It is not me. This is a new Russian weapon of war. Be careful. ...

October 3, 2022 10:33 AM

Bernie on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

Can you see it coming? (1) Deepfake singing. (2) Automated deepfake singing detection. (3) DMCA takedowns of deepfake songs. (4) DMCA takedowns of legit songs by hugely popular singers because the detection works well with the vocal tracts that most people have; yet those singers are so popular exactly because of their unusual vocal tracts.

October 3, 2022 9:42 AM

Clive Robinson on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ erika,

Re : LPI and Mil-tech

First off,

That is reality, grow up and accept that there are things you don’t know and probably never will.

It’s not the “reality” and I know rather more about the subject than many do having designed systems in those areas.

So,

“Second, there is today a lot of research being done on things like LPI waveforms, and most of it is classified because the military are driving this effort.”...

October 3, 2022 8:24 AM

Clive Robinson on Friday Squid Blogging: Breeding the Oval Squid :

@ JokingInTuva, SpaceLifeForm, ALL,

Re : Hacking Hypervisors

“It looks quite ugly…”

Yup, it’s worse than most will realise…

However it’s something I’ve known about for a long long time now, due to some research work I did.

The important thing to note is that the technological method is agnostic to use, which depends on the “directing mind”.

So the technological method can be used for good or bad, I chose to use it for good to hunt out and stop malware...

October 3, 2022 8:07 AM

Clive Robinson on Detecting Deepfake Audio by Modeling the Human Acoustic Tract :

@ Bruce, ALL,

Re : Arms race on fakes

“This is, of course, not the last word. Deepfake generators will figure out how to use these techniques to create harder-to-detect fake voices. And the deepfake detectors will figure out another, better, detection technique. And the arms race will continue.”

And it’s not that hard to see how. From the article,

“We did the reverse. By inverting many of these same techniques, we were able to extract an approximation of a speaker’s vocal tract during a segment of speech. This allowed us to effectively peer into the anatomy of the speaker who created the audio sample.”...

October 3, 2022 7:35 AM

Clive Robinson on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ SpaceLifeForm, fib, Winter, ALL,

Re : Our hosts words

“I am a public-interest technologist, working at the intersection of security, technology, and people.”

Note two things,

1, public-interest technologist
2, people

Being a “public-interest technologist” has a large scope in subjects covered not just a small corner of security, or even security in all it’s many guises. It covers all technology that the public or people use to assist them in their daily activities that can be used against their interests in ways that might be of concern...

October 2, 2022 6:41 PM

SpaceLifeForm on New Report on IoT Security :

@ John Tillotson

The scuttlebutt is that Credit Suisse, Duetsche Bank, and HSBC are all in major trouble. Ranking in that order.

But it may very well be that it is Morgan Stanley.

They are all in trouble.

The US FED is having a closed meeting tomorrow. Someone is begging for a bailout.

We are at a tipping point. It may be best to just let a bank fail. To teach the fascists a lesson. No more bailouts...

October 2, 2022 3:18 PM

lurker on New Report on IoT Security :

@Naveed
track(dot)g2:
“Approximately $34 billion in yearly licensing waste is generated each year between the US and UK.”

Somebody is claiming that as a saving; somebody else is using it for a tax deduction.

October 2, 2022 2:45 PM

lurker on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@Clive Robinson

The internet is supposed to route around damage. It hasn’t had a significant real world test of that function, so I find you overly pessimistic that a single EMP weapon could destroy the entire ‘net. One hit might disrupt a major market, but the rest of the world should be able to carry on. Depending of course on any retaliation from the damaged market.

IMO at least three would be needed, which implies a nation state actor. I prefer Updegrove’s distributed conventional device attack, which might be mounted by any disaffected group. (link on latest Squid)...

October 2, 2022 3:04 AM

ResearcherZero on Friday Squid Blogging: Breeding the Oval Squid :

“user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver”
https://www.virusbulletin.com/uploads/pdf/conference/vb2022/VB2022-Kalnai-Havranek.pdf

escalate privileges from a non-administrator user to kernel mode privileges
https://www.youtube.com/watch?v=wD7HIcF-gaA

“An attacker with escalated privileges can use the module to enable or disable process protection on arbitrary PID. The Dell drivers are especially valuable because they are compatible with the newest signing requirements issued by Microsoft.”...

October 2, 2022 1:18 AM

ResearcherZero on Security Vulnerabilities in Covert CIA Websites :

@Bruce

In truth it is a thoroughly unglamorous profession. When I was brought home from deployment my mother beat me.

“Stop dying!” [WHACKING SOUNDS]

“Your son is a hero madam.”

“He is not a hero! He is a d__khead!” [BEATING SOUNDS]

October 2, 2022 1:09 AM

SpaceLifeForm on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ JonKnowsNothing, Clive, ALL

Millions and Pennies

Don’t fool yourself. You have way more knowledge than you give yourself credit for. Do not listen to the nonsense coming from autocrats and authoritarians that want to put people down and try to convince them they are not worthy of a decent living. If I had a business, I would hire you in a heartbeat.

Most people actually have a useful skill. The problem is they can not find a job utilizing that skill with decent pay. If they do, they will still eventually get fired...

October 2, 2022 1:02 AM

ReacherZero on Security Vulnerabilities in Covert CIA Websites :

@Bruce

The police and the politicians were also incompetent, and any government department which may hold any records pertaining to you or manage the security of communications lines for any premises.

Dramatized reenactment of actual events in the 1990’s:

“The phone line is tapped.”

“The phone line is not tapped.”

“I’ve been watching the guy listening to the line. It has now been over a week since I first contacted you.”...

October 2, 2022 12:48 AM

Katarina on Friday Squid Blogging: Breeding the Oval Squid :

Is there information available about if not having an extensive digital footprint could have adverse consequences for ‘hermit’?

I am interested to know, if there are any publications, articles or any other knowledge available how people with particular small – or uncommon – digital footprints might or are affected by not leaving extensive digital breadcrumbs behind. I am thinking in the realm of Facebook shadow profiles for example, but in this case if not having enough ‘online profile’ can, unknowingly, affect ones life (I think for example about automatized reviewing of loan or insurance applications)...

October 2, 2022 12:43 AM

ResearcherZero on Security Vulnerabilities in Covert CIA Websites :

America’s Throwaway Spies

“the victim of CIA negligence”

A faulty CIA covert communications system made it easy for Iranian intelligence to identify and capture him.
https://www.reuters.com/investigates/special-report/usa-spies-iran/

The communication system is faulty in more ways than one. When I was attacked I was provided with a CIA bodyguard, and an escort when needed. Other victims were not, everyone just pretended nothing was happening, even though they knew who was responsible. No one even bothered to inform the victims they were in danger. Unsurprisingly many of them are now dead...

October 2, 2022 12:24 AM

lurker on Friday Squid Blogging: Breeding the Oval Squid :

re: Drones, adversarial use of,
I was scratching thru some old backups looking for a file lost in the fog of format extinction, and came upon my offline copy of something just as relevant today as it was ten years ago. More so perhaps, considering how easy it is to put leaks in pipelines:

‘https://www.consortiuminfo.org/cybersecurity/the-devils-in-the-cloud-our-headlong-rush-into-ultimate-cybersecurity-vulnerability/...

October 2, 2022 12:02 AM

ResearcherZero on Friday Squid Blogging: Breeding the Oval Squid :

“It would appear the way Defence handled this matter has left Saab exposed to a potentially game-changing level of scrutiny.”

Saab failed to “undertake or maintain adequate human rights due diligence which could prevent their product being used in potential human rights violations”, as well as failing to “preserve the integrity of heritage sites”.

Although the missile was ultimately found to be inert, or non-explosive, the Department of Defence has not answered questions about how it came to be at Lake Hart West...

October 1, 2022 11:36 PM

JonKnowsNothing on Friday Squid Blogging: Breeding the Oval Squid :

@Clive @All

re: When data becomes too sparse…

MSM reports: Johns Hopkins announced that it’s scaling back their COVID tracker due to the declining quality of data from U.S. states.

At the same time

MSM reports: New coronavirus subvariant BA.2.75.2 tops concerns as officials gear up for potential winter wave.

Place your bets:

  • BA.2.75.2
  • BQ.1.1
  • BA.2.3.20
  • BF.7, aka BA.5.2.1.7
  • BA.4.6

Hospitalizations up 37% in some cities… details not to follow…...

October 1, 2022 11:18 PM

ResearcherZero on Friday Squid Blogging: Breeding the Oval Squid :

complete transparency is needed to clarify what actually happened

“Secretary of State Tony Blinken who has yet to meet with any of the State Department victims despite saying he would prioritize the incidents.”
https://edition.cnn.com/2021/08/02/politics/havana-syndrome-state-department-diplomats-fears-frustration/index.html

“The Department of State’s response to these incidents was characterized by a lack of senior leadership, ineffective communications, and systemic disorganization,”...

October 1, 2022 11:17 PM

JonKnowsNothing on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@Clive, @SpaceLifeForm, All

re: I have no Agenda other than to hopefully help others learn stuff showing the dots cover a lot more ground than is taught.

I’m not in the same class as Clive, SpaceLifeForm and others, who have vastly deep understanding of many topics, but I bring a large knowledge base of issues covering many applications from years consulting in a variety of businesses. Each business has their own unique difficulties and current software and hardware tries to fit All Businesses into One Module. It doesn’t work for the businesses...

October 1, 2022 11:00 PM

ResearcherZero on Cold War Bugging of Soviet Facilities :

The “cornucopia of bugs placed in Russian diplomatic facilities” proved to be very useful in identifying particular individuals responsible for ordering certain covert operations. Other programs were also very helpful for confirming such details, as well as in determining when participants were divulging useful details during discussions, and verifying the authenticity of any information that was supplied...

October 1, 2022 10:16 PM

Clive Robinson on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ SpaceLifeForm, ALL,

Re : Dots and spoons.

From a more liberal security perspective,

https://www.theguardian.com/world/2022/sep/27/whether-or-not-russia-was-behind-the-nord-stream-blasts-little-was-at-stake

That’s well over ten billion dollar’s of international infristructure gone in a matter of a second or so.

But who was behind it and why?

The argument it was Russia does not realy hold much weight...

October 1, 2022 8:20 PM

Clive Robinson on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ SpaceLifeForm, ALL,

Re : Of dots and spoons.

I try to cover all the steps on the journy from A to B as I assume the audiance is very wide, and I’d rather be of minor annoyance to those that see themselves as elite sprinters than otherwise “leave people behind”[1]. We don’t need self apointed elitists, who basically want to maintain a position by suppression. Often by “pulling up the draw bridge behind them”...

October 1, 2022 7:47 PM

Clive Robinson on Friday Squid Blogging: Breeding the Oval Squid :

@ vas pup, ALL,

With regards the alledged Musk quote of,

“Tesla wanted to make sure the transition to a society in which robots did the work and people reaped the benefits was a safe one.”

It’s the same argument used for keeping “livestock, slaves and serfs”… And which various Empire’s have set out to do time and time again, and it mostly has never worked out with slaves and serfs.

It’s also not worked out with livestock either. The work involved with horses and oxen ment that they were easily replaced with simple inefficient machines...

October 1, 2022 7:26 PM

Clive Robinson on Friday Squid Blogging: Breeding the Oval Squid :

@ fib, SpaceLifeForm, All interested,

Re : Stable Diffusion.

“An example of what I am talking about would be the discussion here of the so-called ‘stable diffusion’… …something that could not be further from the cold mathematics of cryptography,”

Actually it’s very close to cryptography when you lift the hood, you find it uses a form of “autoencoder”.

Very roughly autoencoders are defined by having two sets X and Y that are Euclidian spaces, and two mapping functions the Encoding function E for mapping X to Y and the Decoding function D for mapping Y to X...

October 1, 2022 6:01 PM

SpaceLifeForm on Friday Squid Blogging: Breeding the Oval Squid :

@ fib

Stable Confusion is a way to fingerprint users communicating. Which is fine, if they are crooks laundering money and under investigation. Crooks are stupid and so they will likely reveal. They likely use an iPhone. Prestige and all.

https://www.schneier.com/blog/archives/2021/08/apple-adds-a-backdoor-to-imesssage-and-icloud-storage.html

https://www.schneier.com/blog/archives/2021/08/more-on-apples-iphone-backdoor.html...

October 1, 2022 4:32 PM

SpaceLifeForm on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ fib, Winter, ALL

Echo

I am a public-interest technologist, working at the intersection of security, technology, and people.

Note: people

I have no Agenda other than to hopefully help others learn stuff by connecting dots. If one does not want to read, and possibly learn something, there is nothing more that I can do. You can lead a horse to water . . .

In general, I tend to not comment much on the non-squid articles unless there is something related that was not mentioned, but that which I had already read. I have tabs loaded and ready...

October 1, 2022 4:21 PM

vas pup on Friday Squid Blogging: Breeding the Oval Squid :

Tesla boss Elon Musk presents humanoid robot Optimus
https://www.bbc.com/news/technology-63100636

“But Mr Musk said he wanted to solve one of the toughest problems artificial intelligence: how to make a machine that can replace a human.

The entrepreneur, who once warned of artificial intelligence being a threat to humanity, said that Tesla wanted to make sure the transition to a society in which robots did the work and people reaped the benefits was a safe one...

October 1, 2022 12:17 PM

ThreeRs on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@Nick Levinson

Thanks for the prod to add a comment to this edition of the Friday Squid Blog.

I have been reading comments on these posts for several years now, sporadically at first, and with much more regularity now that I’ve retired. I’ve enjoyed the many differing viewpoints. As @Winter noted, these often provide an opportunity for examining my own position. The divergent comments have given me many things to think about regarding life in this world. I appreciate that and along with the various personalities of the commenters and their interactions makes this an interesting place for me...

October 1, 2022 12:07 PM

Winter on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@fib

At a continued 2.4% annual increase in power production, the surface of the Earth reaches boiling temperatures in about 400 years and reaches the surface temperature of the Sun within 1000 years.

There is no way humans can produce that much energy/heat in any way. Every exponential growth runs into physical limitations soon. It is like saying rats multiply so fast that in a few years there will be a layer of rats as high as the Mount Everest...

October 1, 2022 10:58 AM

erika on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@Clive

We can keep batting this back and forth but my original point applies that you have not made any constructive comments or contributed positively to this blog, nothing that anyone can learn from and you are still not doing it.

First of all I don’t think this blog is a place to learn communication theory.

Given Bruce’s background, the focus is more likely to be cryptology, both algorithms and protocols, and IT security. And telecom and DSP theory is a vast subject that you won’t learn in any depth by reading what is posted here. For those who want to put in the effort, there are much better resources available, many for free...

October 1, 2022 9:02 AM

Clive Robinson on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ Nick Levinson, Erika, Winter, ALL,

Re : Free to comment is not Free Speech.

“Anyone who has not contributed is free to comment on the discrepancy between a blog’s scope and what is contains.”

Yes but it is as our host by action has pointed out “not free speach”.

Thus a comment has to be as a minimum,

1, Polite.
2, Constructive.

In the past comments not within those minimum constraints have been quickly culled, as many here can confirm...

October 1, 2022 8:50 AM

fib on Friday Squid Blogging: Breeding the Oval Squid :

In the last iteration of the squid thread, a question was raised about the propriety of the themes discussed here. I personally understand, through observation of the custom [something very important in common law, in whose jurisdiction the servers of this site are physically located] that the thread allows for greater latitude in postings, which, as other members have pointed out, is always positive in discussions. You never know where the next good idea will come from [good ideas in bad books…]...

October 1, 2022 8:25 AM

Nick Levinson on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@Erika, @Clive Robinson, & @Winter:

I take the scope of this blog, being Bruce’s, to be what he says it is as exemplified by what he posts in between announcing the Friday squid pages. That’s largely about computer security (I count 6 of 8 of non-squid pages on the home page in the last few minutes as substantially computer-related). That’s akin to what he is concerned about having missed and inviting us to add...

October 1, 2022 7:57 AM

fib on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@Winter

That is a strange and unnecessary conclusion.

I think the authors themselves lead me to that conclusion when they state

the Stefan-Boltzmann Law in physics prescribes the equilibrium temperature of the planet’s surface as a function of power produced. At a continued 2.4% annual increase in power production, the surface of the Earth reaches boiling temperatures in about 400 years and reaches the surface temperature of the Sun within 1000 years. These numbers—...

October 1, 2022 6:05 AM

Clive Robinson on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@ erika,

“I didn’t post any antenna theory at all, so what mistake ?”

You made an incorect claim, go back and read what you wrote agai.

“Misleading quote. I wrote “Many HAMs today” “

It’s not even “Many HAMs” so you were wrong either way. As I’ve explained it’s about “radio sports”, that started with people using CW and trying to contact a number of countries or states etc. Such is not at all exciting to listen to but that is not the point to each their own. However as in all facits of life there will always be those who claim,...

October 1, 2022 3:28 AM

Winter on Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach :

@Erika

First of all, Erika (with a ‘k’) is my real name.

Sorry for the confusion. I know too many Eri(c|k)a’s. Sometimes I mix them up.

but the latter half of my career was all about communications and signal intelligence.

So it is a pity you did not share more of your knowledge. I for instance, am certainly interested.

So if @Clive tries to suggest I know nothing about radio he is just uttering his own stupid prejudices. ...

Sidebar photo of Bruce Schneier by Joe MacInnis.