This is a clever hack against those bike-rental kiosks: They’re stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app. The app doesn’t work for the rider but … Read More “Stealing Bicycles by Swapping QR Codes” »
There’s a lot of fishing going on: The number of Chinese-flagged vessels in the south Pacific has surged 13-fold from 54 active vessels in 2009 to 707 in 2020, according to the SPRFMO. Meanwhile, the size of China’s squid catch has grown from 70,000 tons in 2009 to 358,000. As usual, you can also use … Read More “Friday Squid Blogging: South American Squid Stocks Threatened by Chinese Fishing” »
A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with … Read More “Possible Government Surveillance of the Otter.ai Transcription App” »
Google’s Project Zero is reporting that software vendors are patching their code faster. tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the average now being well below … Read More “Vendors are Fixing Security Flaws Faster” »
Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans. The senator’s statement. Some declassified information from the CIA. No real details yet. Powered by WPeMatico
An actually serious scientific journal has published a paper speculating that octopus and squid could be of extraterrestrial origin. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that was dropped in the face … Read More “The EARN IT Act Is Back” »
MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps tackle one of NSA’s most interesting problems: big data. … Read More “Interview with the Head of the NSA’s Research Directorate” »
The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of … Read More “Finding Vulnerabilities in Open Source Projects” »
There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to address some of the unfounded … Read More “Me on App Store Monopolies and Security” »