IACR Nullifies Election Because of Lost Decryption Key

Posted on By infossl
encryption, keys, operational security, Security technology, Uncategorized, voting

The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online election when trustee Moti Yung lost his decryption key. For this election and in accordance with the bylaws of the IACR, the three members of the … Read More “IACR Nullifies Election Because of Lost Decryption Key” »

More on Rewiring Democracy

Posted on By infossl
books, Rewiring Democracy, Schneier news, Security technology, Uncategorized

It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good. Some of the book’s forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41. We need more reviews—six on Amazon is not enough, and no one has … Read More “More on Rewiring Democracy” »

AI as Cyberattacker

Posted on By infossl
AI, cyberattack, cyberespionage, espionage, Security technology, Uncategorized

From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­—using AI not just as an advisor, but to execute the cyberattacks themselves. The threat actor—­whom we assess with high confidence was a Chinese state-sponsored group—­manipulated … Read More “AI as Cyberattacker” »

Scam USPS and E-Z Pass Texts and Websites

Posted on By infossl
china, cybercrime, google, phishing, scams, Security technology, Uncategorized

Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card … Read More “Scam USPS and E-Z Pass Texts and Websites” »

Legal Restrictions on Vulnerability Disclosure

Posted on By infossl
courts, disclosure, Security technology, Uncategorized, video, vulnerabilities

Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk. Thirty years ago, a debate … Read More “Legal Restrictions on Vulnerability Disclosure” »

Friday Squid Blogging: Pilot Whales Eat a Lot of Squid

Posted on By infossl
Security technology, squid, Uncategorized

Short-finned pilot wales (Globicephala macrorhynchus) eat at lot of squid: To figure out a short-finned pilot whale’s caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting tags, daily feeding rates from satellite tags, body measurements collected via aerial drones, and sifting through the stomachs … Read More “Friday Squid Blogging: Pilot Whales Eat a Lot of Squid” »

Book Review: The Business of Secrets

Posted on By infossl
business of security, cryptography, encryption, history of cryptography, Security technology, Uncategorized

The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004) From the vantage point of today, it’s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn’t know whether the cryptography they sold was any good. The customers didn’t know whether the … Read More “Book Review: The Business of Secrets” »