Bruce Schneier – Page 37 – WindowsTechs.com

Florida Backdoor Bill Fails

Posted on May 12, 2025 by Bruce Schneier

A Florida bill requiring encryption backdoors failed to pass.
Continue reading Florida Backdoor Bill Fails→

Friday Squid Blogging: Japanese Divers Video Giant Squid

Posted on May 9, 2025 by Bruce Schneier

The video is really amazing.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Continue reading Friday Squid Blogging: Japanese Divers Video Giant Squid→

Chinese AI Submersible

Posted on May 7, 2025 by Bruce Schneier

A Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about the military applications of this, you can relax because the company says that the submersible is “designated for civilian use” and can “launch research rockets.”

“Research rockets.” Sure.

… Continue reading Chinese AI Submersible→

Fake Student Fraud in Community Colleges

Posted on May 6, 2025 by Bruce Schneier

Reporting on the rise of fake students enrolling in community college courses:

The bots’ goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generated work. And because community colleges accept all applicants, they’ve been almost exclusively impacted by the fraud.

The article talks about the rise of this type of fraud, the difficulty of detecting it, and how it upends quite a bit of the class structure and learning community…

Continue reading Fake Student Fraud in Community Colleges→

Another Move in the Deepfake Creation/Detection Arms Race

Posted on May 5, 2025 by Bruce Schneier

Deepfakes are now mimicking heartbeats

In a nutshell

Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats.

The assumption that deepfakes lack physiological signals, such as heart rate, is no longer valid. This challenges many existing detection tools, which may need significant redesigns to keep up with the evolving technology.

To effectively identify high-quality deepfakes, researchers suggest shifting focus from just detecting heart rate signals to analyzing how blood flow is distributed across different facial regions, providing a more accurate detection strategy…

Continue reading Another Move in the Deepfake Creation/Detection Arms Race→

Friday Squid Blogging: Pyjama Squid

Posted on May 2, 2025 by Bruce Schneier

The small pyjama squid (Sepioloidea lineolata) produces toxic slime, “a rare example of a poisonous predatory mollusc.”
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Continue reading Friday Squid Blogging: Pyjama Squid→

Privacy for Agentic AI

Posted on May 2, 2025 by Bruce Schneier

Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent idea.

In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership. We are working on a digital wallet that can make use of AI in this way. (We used to call it an “active wallet.” Now we’re calling it an “agentic wallet.”)

I talked about this a bit at the RSA Conference…

Continue reading Privacy for Agentic AI→

NCSC Guidance on “Advanced Cryptography”

Posted on May 2, 2025 by Bruce Schneier

The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation.

It’s full of good advice. I especially appreciate this warning:

When deciding whether to use Advanced Cryptography, start with a clear articulation of the problem, and use that to guide the development of an appropriate solution. That is, you should not start with an Advanced Cryptography technique, and then attempt to fit the functionality it provides to the problem. …

Continue reading NCSC Guidance on “Advanced Cryptography”→

US as a Surveillance State

Posted on May 1, 2025 by Bruce Schneier

Two essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state.
It’s good to see this finally being talked about.
EDITED TO ADD (5/3): Here’s a free link to that first essay.
Continue reading US as a Surveillance State→

WhatsApp Case Against NSO Group Progressing

Posted on April 30, 2025 by Bruce Schneier

Meta is suing NSO Group, basically claiming that the latter hacks WhatsApp and not just WhatsApp users. We have a procedural ruling:

Under the order, NSO Group is prohibited from presenting evidence about its customers’ identities, implying the targeted WhatsApp users are suspected or actual criminals, or alleging that WhatsApp had insufficient security protections.

[…]

In making her ruling, Northern District of California Judge Phyllis Hamilton said NSO Group undercut its arguments to use evidence about its customers with contradictory statements…

Continue reading WhatsApp Case Against NSO Group Progressing→