Bruce Schneier – Page 42 – WindowsTechs.com

Biden Signs New Cybersecurity Order

Posted on January 20, 2025 by Bruce Schneier

President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide.

Some details:

The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.

The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to …

Continue reading Biden Signs New Cybersecurity Order→

Friday Squid Blogging: Opioid Alternatives from Squid Research

Posted on January 17, 2025 by Bruce Schneier

Is there nothing that squid research can’t solve?
“If you’re working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic app… Continue reading Friday Squid Blogging: Opioid Alternatives from Squid Research→

FBI Deletes PlugX Malware from Thousands of Computers

Posted on January 16, 2025 by Bruce Schneier

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.”

Details:

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had …

Continue reading FBI Deletes PlugX Malware from Thousands of Computers→

Phishing False Alarm

Posted on January 15, 2025 by Bruce Schneier

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.
Continue reading Phishing False Alarm→

Upcoming Speaking Engagements

Posted on January 14, 2025 by Bruce Schneier

This is a current list of where and when I am scheduled to speak:

I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025. I’m also signing books there on Saturday, February 8, starting at 1:45… Continue reading Upcoming Speaking Engagements→

The First Password on the Internet

Posted on January 14, 2025 by Bruce Schneier

It was created in 1973 by Peter Kirstein:

So from the beginning I put password protection on my gateway. This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password.

In fact this was the first password on Arpanet. It proved invaluable in satisfying authorities on both sides of the Atlantic for the 15 years I ran the service during which no security breach occurred over my link. I also put in place a system of governance that any UK users had to be approved by a committee which I chaired but which also had UK government and British Post Office representation…

Continue reading The First Password on the Internet→

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Posted on January 13, 2025 by Bruce Schneier

Not sure this will matter in the end, but it’s a positive move:

Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content.

The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, said Steven Masada, the assistant general counsel for Microsoft’s Digital Crimes Unit. They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use…

Continue reading Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme→

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Posted on January 10, 2025 by Bruce Schneier

News:

A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests.

[…]

The study tested the material in an irrigation ditch, a lake, seawater and a pond, where it removed up to 99.9% of plastic. It addressed 95%-98% of plastic after five cycles, which the authors say is remarkable reusability.

The sponge is made from chitin extracted from squid bone and cotton cellulose, materials that are often used to address pollution. Cost, secondary pollution and technological complexities have stymied many other filtration systems, but large-scale production of the new material is possible because it is cheap, and raw materials are easy to obtain, the authors say…

Continue reading Friday Squid Blogging: Cotton-and-Squid-Bone Sponge→

Apps That Are Spying on Your Location

Posted on January 10, 2025 by Bruce Schneier

404 Media and Wired are reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics:

The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users’ and even app developers’ knowledge…

Continue reading Apps That Are Spying on Your Location→