Collaborate Disseminate
The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.
Continue reading Justice Department Indicts Tech CEO for Falsifying Security Certifications
The men’s world conkers champion is accused of cheating with a steel chestnut.
Continue reading Cheating at Conkers
The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here).
The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924…
Continue reading More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
Perfectl in an impressive piece of malware:
The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.
The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The unknown developers of the malware gave the process a name that combines the perf Linux monitoring tool and ctl, an abbreviation commonly used with command line tools. A signature characteristic of Perfctl is its use of process and file names that are identical or similar to those commonly found in Linux environments. The naming convention is one of the many ways the malware attempts to escape notice of infected users…
Fishermen in Tamil Nadu are reporting smaller catches of squid.
Blog moderation policy.
Continue reading Indian Fishermen Are Catching Less Squid
In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing.
At this point, we would like feedback on titles. Here are four possibilities:
After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket.
In any case, it was never clear what those ideas were. IronNet never seemed to have any special technology going for it. Near as I could tell, its success was entirely based on Alexander’s name…
An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs.
Ecovacs’s privacy policy—available elsewhere in the app—allows for blanket collection of user data for research purposes, including:
- The 2D or 3D map of the user’s house generated by the device
- Voice recordings from the device’s microphone
- Photos or videos recorded by the device’s camera
It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs…
Continue reading Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI
Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious—something similar was done in 2011—but the sort of creepy demo that gets attention.
News article.
Continue reading Auto-Identification Smart Glasses
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.
It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This implies that the attack wasn’t against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers…
Continue reading China Possibly Hacking US “Lawful Access” Backdoor