Bruce Schneier – Page 40 – WindowsTechs.com

Pairwise Authentication of Humans

Posted on February 10, 2025 by Bruce Schneier

Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.

To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons.

This is how it works:

Two people, Person A and Person B, sit in front of the same computer and open this page;

They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”;

The page will generate two TOTP QR codes, one for Alice and one for Bob;
…

Continue reading Pairwise Authentication of Humans→

UK Is Ordering Apple to Break Its Own Encryption

Posted on February 8, 2025 by Bruce Schneier

The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement.

This is a big deal, and something we in the security community have worried was coming for a while now.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment…

Continue reading UK Is Ordering Apple to Break Its Own Encryption→

Friday Squid Blogging: The Colossal Squid

Posted on February 7, 2025 by Bruce Schneier

Long article on the colossal squid.
Blog moderation policy.
Continue reading Friday Squid Blogging: The Colossal Squid→

Screenshot-Reading Malware

Posted on February 7, 2025 by Bruce Schneier

Kaspersky is reporting on a new type of smartphone malware.
The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment… Continue reading Screenshot-Reading Malware→

AIs and Robots Should Sound Robotic

Posted on February 6, 2025 by Bruce Schneier

Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance and tic of human speech, down to specific regional accents. And with just a few seconds of audio, AI can now clone someone’s specific voice.

This technology will replace humans in many areas. Automated customer support will save money by cutting staffing at …

Continue reading AIs and Robots Should Sound Robotic→

On Generative AI Security

Posted on February 5, 2025 by Bruce Schneier

Microsoft’s AI Red Team just published “Lessons from
Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful:

Understand what the system can do and where it is applied.

You don’t have to compute gradients to break an AI system.

AI red teaming is not safety benchmarking.

Automation can help cover more of the risk landscape.

The human element of AI red teaming is crucial.

Responsible AI harms are pervasive but difficult to measure.

LLMs amplify existing security risks and introduce new ones…

Continue reading On Generative AI Security→

On Generative AI Security

Posted on February 5, 2025 by Bruce Schneier

Understand what the system can do and where it is applied.

You don’t have to compute gradients to break an AI system.

AI red teaming is not safety benchmarking.

Automation can help cover more of the risk landscape.

The human element of AI red teaming is crucial.

Responsible AI harms are pervasive but difficult to measure.

LLMs amplify existing security risks and introduce new ones…

Continue reading On Generative AI Security→

Deepfakes and the 2024 US Election

Posted on February 4, 2025 by Bruce Schneier

Interesting analysis:

We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used for and estimated the cost of creating similar content without AI.

We find that (1) half of AI use isn’t deceptive, (2) deceptive content produced using AI is nevertheless cheap to replicate without AI, and (3) focusing on the demand for misinformation rather than the supply is a much more effective way to diagnose problems and identify interventions…

Continue reading Deepfakes and the 2024 US Election→

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

Posted on February 3, 2025 by Bruce Schneier

This is yet another story of commercial spyware being used against journalists and civil society members.

The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.”

It is not clear who was behind the attack. Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks…

Continue reading Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware→

Friday Squid Blogging: On Squid Brains

Posted on January 31, 2025 by Bruce Schneier

Interesting.
Blog moderation policy.
Continue reading Friday Squid Blogging: On Squid Brains→