The Hawaiian Bobtail Squid’s genome is half again the size of a human’s. Other facts: The Hawaiian bobtail squid has two different symbiotic organs, and researchers were able to show that each of these took different paths in their evolution. This particular species of squid has a light organ that harbors a light-producing, or bioluminescent, … Read More “Friday Squid Blogging: The Hawaiian Bobtail Squid Genome” »
Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China’s AI strategy, commercial, government, and military. There are numerous security — and national security — implications. Powered by WPeMatico
In Gmail addresses, the dots don’t matter. The account “bruceschneier@gmail.com” maps to the exact same address as “bruce.schneier@gmail.com” and “b.r.u.c.e.schneier@gmail.com” — and so on. (Note: I own none of those addresses, if they are actually valid.) This fact can be used to commit fraud: Recently, we observed a group of BEC actors make extensive use … Read More “Using Gmail “Dot Addresses” to Commit Fraud” »
Zcash just fixed a vulnerability that would have allowed “infinite counterfeit” Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not ncessary. Powered by WPeMatico
The Wired headline sums it up nicely — “Facebook Hires Up Three of Its Biggest Privacy Critics“: In December, Facebook hired Nathan White away from the digital rights nonprofit Access Now, and put him in the role of privacy policy manager. On Tuesday of this week, lawyers Nate Cardozo, of the privacy watchdog Electronic Frontier … Read More “Facebook’s New Privacy Hires” »
Nice recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Our work in cybersecurity is inexorably intertwined with public policy and — more generally — the public interest. It’s obvious in the debates on encryption and vulnerability disclosure, but it’s also part of the policy discussions about the Internet of Things, cryptocurrencies, artificial intelligence, social media platforms, and pretty much everything else related to IT. … Read More “Public-Interest Tech at the RSA Conference” »
The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private … Read More “Security Analysis of the LIFX Smart Light Bulb” »
This is kind of a crazy iPhone vulnerability: it’s possible to call someone on FaceTime and listen on their microphone — and see from their camera — before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it’s fixed. But it’s hard to imagine how an … Read More “iPhone FaceTime Vulnerability” »
The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, … Read More “Japanese Government Will Hack Citizens’ IoT Devices” »