Friday Squid Blogging: Self-Healing Materials from Squid Teeth
Making self-healing materials based on the teeth in squid suckers.
Blog moderation policy.
Continue reading Friday Squid Blogging: Self-Healing Materials from Squid Teeth
Author Archives: Bruce Schneier
Take a Selfie Using a NY Surveillance Camera
This site will let you take a selfie with a New York City traffic surveillance camera.
EDITED TO ADD: BoingBoing post.
Continue reading Take a Selfie Using a NY Surveillance Camera
Surveillance Watch
This is a fantastic project mapping the global surveillance industry.
Continue reading Surveillance Watch
Story of an Undercover CIA Agent who Penetrated Al Qaeda
Rolling Stone has a long investigative story (non-paywalled version here) about a CIA agent who spent years posing as an Islamic radical.
Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad.
Continue reading Story of an Undercover CIA Agent who Penetrated Al Qaeda
Hacking Wireless Bicycle Shifters
This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement t… Continue reading Hacking Wireless Bicycle Shifters
The State of Ransomware
Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary:
Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed.
In February, we reported a 49% increase year-over-year in alleged victims posted on ransomware leak sites. So far, in 2024, comparing the first half of 2023 to the first half of 2024, we see an even further increase of 4.3%. The higher level of activity observed in 2023 was no fluke…
Friday Squid Blog: The Market for Squid Oil Is Growing
How did I not know before now that there was a market for squid oil?
The squid oil market has experienced robust growth in recent years, expanding from $4.56 billion in 2023 to $4.94 billion in 2024 at a compound annual growth rate (CAGR) of 8.5%. The … Continue reading Friday Squid Blog: The Market for Squid Oil Is Growing
New Windows IPv6 Zero-Click Vulnerability
The press is reporting a critical Windows vulnerability affecting IPv6.
As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets.
Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consistently exploit the flaw in attacks.”
Details are being withheld at the moment. Microsoft strongly recommends …
NIST Releases First Post-Quantum Encryption Algorithms
From the Federal Register:
After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+.
These algorithms are part of three NIST standards that have been finalized:
- FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard
- FIPS 204: Module-Lattice-Based Digital Signature Standard
- FIPS 205: Stateless Hash-Based Digital Signature Standard…
Continue reading NIST Releases First Post-Quantum Encryption Algorithms
Texas Sues GM for Collecting Driving Data without Consent
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies:
From CNN:
In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.
General Motors sold this information to several other companies, including to at least two companies for the purpose of generating “Driving Scores” about GM’s customers, the AG alleged. The suit said those two companies then sold these scores to insurance companies…
Continue reading Texas Sues GM for Collecting Driving Data without Consent