Crypto-Gram: 2024 Archives

November 15, 2024

In this issue:

  1. More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
  2. Cheating at Conkers
  3. Justice Department Indicts Tech CEO for Falsifying Security Certifications
  4. AI and the SEC Whistleblower Program
  5. No, the Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer
  6. Are Automatic License Plate Scanners Constitutional?
  7. Watermark for LLM-Generated Text
  8. Criminals Are Blowing up ATMs in Germany
  9. Law Enforcement Deanonymizes Tor Users
  10. Simson Garfinkel on Spooky Cryptographic Action at a Distance
  11. Tracking World Leaders Using Strava
  12. Roger Grimes on Prioritizing Cybersecurity Advice
  13. Sophos Versus the Chinese Hackers
  14. AIs Discovering Vulnerabilities
  15. IoT Devices in Password-Spraying Botnet
  16. Subverting LLM Coders
  17. Prompt Injection Defenses Against LLM Cyberattacks
  18. AI Industry is Trying to Subvert the Definition of “Open Source AI”
  19. Criminals Exploiting FBI Emergency Data Requests
  20. Mapping License Plate Scanners in the US
  21. New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones
Read This Issue →

October 15, 2024

In this issue:

  1. Legacy Ivanti Cloud Service Appliance Being Exploited
  2. Python Developers Targeted with Malware During Fake Job Interviews
  3. Remotely Exploding Pagers
  4. FBI Shuts Down Chinese Botnet
  5. Clever Social Engineering Attack Using Captchas
  6. Hacking the “Bike Angels” System for Moving Bikeshares
  7. Israel’s Pager Attacks and Supply Chain Vulnerabilities
  8. New Windows Malware Locks Computer in Kiosk Mode
  9. An Analysis of the EU’s Cyber Resilience Act
  10. NIST Recommends Some Common-Sense Password Rules
  11. AI and the 2024 US Elections
  12. Hacking ChatGPT by Planting False Memories into Its Data
  13. California AI Safety Bill Vetoed
  14. Weird Zimbra Vulnerability
  15. Largest Recorded DDoS Attack is 3.8 Tbps
  16. China Possibly Hacking US “Lawful Access” Backdoor
  17. Auto-Identification Smart Glasses
  18. Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI
  19. IronNet Has Shut Down
  20. More on My AI and Democracy Book
  21. Perfectl Malware
  22. Upcoming Speaking Engagements
Read This Issue →

September 15, 2024

In this issue:

  1. NIST Releases First Post-Quantum Encryption Algorithms
  2. New Windows IPv6 Zero-Click Vulnerability
  3. The State of Ransomware
  4. Hacking Wireless Bicycle Shifters
  5. Story of an Undercover CIA Officer who Penetrated Al Qaeda
  6. Surveillance Watch
  7. Take a Selfie Using a NY Surveillance Camera
  8. US Federal Court Rules Against Geofence Warrants
  9. The Present and Future of TV Surveillance
  10. Matthew Green on Telegram’s Encryption
  11. Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published
  12. SQL Injection Attack on Airport Security
  13. List of Old NSA Training Videos
  14. Security Researcher Sued for Disproving Government Statements
  15. Long Analysis of the M-209
  16. YubiKey Side-Channel Attack
  17. Australia Threatens to Force Companies to Break Encryption
  18. New Chrome Zero-Day
  19. Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
  20. Microsoft Is Adding New Cryptography Algorithms
  21. My TedXBillings Talk
  22. Upcoming Speaking Engagements
Read This Issue →

August 15, 2024

In this issue:

  1. Hacking Scientific Citations
  2. Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious
  3. Criminal Gang Physically Assaulting People for Their Cryptocurrency
  4. Brett Solomon on Digital Rights
  5. Snake Mimics a Spider
  6. 2017 ODNI Memo on Kaspersky Labs
  7. Robot Dog Internet Jammer
  8. Data Wallets Using the Solid Protocol
  9. The CrowdStrike Outage and Market-Driven Brittleness
  10. Compromising the Secure Boot Process
  11. New Research in Detecting AI-Generated Videos
  12. Providing Security Updates to Automobile Software
  13. Education in Secure Software Development
  14. Leaked GitHub Python Token
  15. New Patent Application for Car-to-Car Surveillance
  16. On the Cyber Safety Review Board
  17. Problems with Georgia’s Voter Registration Portal
  18. People-Search Site Removal Services Largely Ineffective
  19. Taxonomy of Generative AI Misuse
  20. On the Voynich Manuscript
  21. Texas Sues GM for Collecting Driving Data without Consent
  22. Upcoming Speaking Engagements
Read This Issue →

July 15, 2024

In this issue:

  1. Using LLMs to Exploit Vulnerabilities
  2. Rethinking Democracy for the Age of AI
  3. The Hacking of Culture and the Creation of Socio-Technical Debt
  4. New Blog Moderation Policy
  5. Recovering Public Keys from Signatures
  6. Ross Anderson’s Memorial Service
  7. Paul Nakasone Joins OpenAI’s Board of Directors
  8. Breaking the M-209
  9. The US Is Banning Kaspersky
  10. Security Analysis of the EU’s Digital Wallet
  11. James Bamford on Section 702 Extension
  12. Model Extraction from Neural Networks
  13. Public Surveillance of Bars
  14. Upcoming Book on AI and Democracy
  15. New Open SSH Vulnerability
  16. On the CSRB’s Non-Investigation of the SolarWinds Attack
  17. Reverse-Engineering Ticketmaster’s Barcode System
  18. RADIUS Vulnerability
  19. Apple Is Alerting iPhone Users of Spyware Attacks
  20. The NSA Has a Long-Lost Lecture by Adm. Grace Hopper
  21. Upcoming Speaking Engagements
Read This Issue →

June 15, 2024

In this issue:

  1. Zero-Trust DNS
  2. FBI Seizes BreachForums Website
  3. IBM Sells Cybersecurity Group
  4. Detecting Malicious Trackers
  5. Unredacting Pixelated Text
  6. Personal AI Assistants and Privacy
  7. On the Zero-Day Market
  8. Lattice-Based Cryptosystems and Quantum Cryptanalysis
  9. Privacy Implications of Tracking Wireless Access Points
  10. Supply Chain Attack against Courtroom Software
  11. How AI Will Change Democracy
  12. AI Will Increase the Quantity—and Quality—of Phishing Scams
  13. Seeing Like a Data Structure
  14. Breaking a Password Manager
  15. Online Privacy and Overfishing
  16. Espionage with a Drone
  17. The Justice Department Took Down the 911 S5 Botnet
  18. Security and Human Behavior (SHB) 2024
  19. Exploiting Mistyped URLs
  20. LLMs Acting Deceptively
  21. Using AI for Political Polling
  22. AI and the Indian Election
  23. Demo of AES GCM Misuse Problems
  24. Upcoming Speaking Engagements
Read This Issue →

May 15, 2024

In this issue:

  1. New Lattice Cryptanalytic Technique
  2. X.com Automatically Changing Link Text but Not URLs
  3. Using AI-Generated Legislative Amendments as a Delaying Technique
  4. Other Attempts to Take Over Open Source Projects
  5. Using Legitimate GitHub URLs for Malware
  6. Microsoft and Security Incentives
  7. Dan Solove on Privacy Regulation
  8. The Rise of Large-Language-Model Optimization
  9. Long Article on GM Spying on Its Cars’ Drivers
  10. Whale Song Code
  11. WhatsApp in India
  12. AI Voice Scam
  13. The UK Bans Default Passwords
  14. Rare Interviews with Enigma Cryptanalyst Marian Rejewski
  15. My TED Talks
  16. New Lawsuit Attempting to Make Adversarial Interoperability Legal
  17. New Attack on VPNs
  18. How Criminals Are Using Generative AI
  19. New Attack Against Self-Driving Car AI
  20. LLMs’ Data-Control Path Insecurity
  21. Another Chrome Vulnerability
  22. Upcoming Speaking Engagements
Read This Issue →

April 15, 2024

In this issue:

  1. Improving C++
  2. Drones and the US Air Force
  3. AI and the Evolution of Social Media
  4. Cheating Automatic Toll Booths by Obscuring License Plates
  5. Public AI as an Alternative to Corporate AI
  6. Google Pays $10M in Bug Bounties in 2023
  7. Licensing AI Engineers
  8. On Secure Voting Systems
  9. Security Vulnerability in Saflok’s RFID-Based Keycard Locks
  10. Hardware Vulnerability in Apple’s M-Series Chips
  11. Lessons from a Ransomware Attack against the British Library
  12. Ross Anderson
  13. Magic Security Dust
  14. Declassified NSA Newsletters
  15. XZ Utils Backdoor
  16. Class-Action Lawsuit against Google’s Incognito Mode
  17. Surveillance by the New Microsoft Outlook App
  18. Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
  19. Security Vulnerability of HTML Emails
  20. US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack
  21. In Memoriam: Ross Anderson, 1956-2024
  22. Backdoor in XZ Utils That Almost Happened
  23. Smuggling Gold by Disguising it as Machine Parts
  24. Upcoming Speaking Engagements
Read This Issue →

March 15, 2024

In this issue:

  1. On the Insecurity of Software Bloat
  2. European Court of Human Rights Rejects Encryption Backdoors
  3. Microsoft Is Spying on Users of Its AI Tools
  4. Details of a Phone Scam
  5. New Image/Video Prompt Injection Attacks
  6. AIs Hacking Websites
  7. Apple Announces Post-Quantum Encryption Algorithms for iMessage
  8. China Surveillance Company Hacked
  9. A Cyber Insurance Backstop
  10. How the “Frontier” Became the Slogan of Uncontrolled AI
  11. NIST Cybersecurity Framework 2.0
  12. LLM Prompt Injection Worm
  13. The Insecurity of Video Doorbells
  14. Surveillance through Push Notifications
  15. How Public AI Can Strengthen Democracy
  16. A Taxonomy of Prompt Injection Attacks
  17. Essays from the Second IWORD
  18. Using LLMs to Unredact Text
  19. Jailbreaking LLMs with ASCII Art
  20. Burglars Using Wi-Fi Jammers to Disable Security Cameras
  21. Automakers Are Sharing Driver Data with Insurers without Consent
Read This Issue →

February 15, 2024

In this issue:

  1. Voice Cloning with Very Short Samples
  2. The Story of the Mirai Botnet
  3. Code Written with AI Assistants Is Less Secure
  4. Canadian Citizen Gets Phone Back from Police
  5. Speaking to the CIA’s Creative Writing Group
  6. Zelle Is Using My Name and Voice without My Consent
  7. AI Bots on X (Twitter)
  8. Side Channels Are Common
  9. Poisoning AI Models
  10. Quantum Computing Skeptics
  11. Chatbots and Human Conversation
  12. Microsoft Executives Hacked
  13. NSA Buying Bulk Surveillance Data on Americans without a Warrant
  14. New Images of Colossus Released
  15. CFPB’s Proposed Data Rules
  16. Facebook’s Extensive Surveillance Network
  17. A Self-Enforcing Protocol to Solve Gerrymandering
  18. David Kahn
  19. Deepfake Fraud
  20. Documents about the NSA’s Banning of Furby Toys in the 1990s
  21. Teaching LLMs to Be Deceptive
  22. On Software Liabilities
  23. No, Toothbrushes Were Not Used in a Massive DDoS Attack
  24. On Passkey Usability
  25. Molly White Reviews Blockchain Book
  26. A Hacker’s Mind is Out in Paperback
  27. Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms
  28. Upcoming Speaking Engagements
Read This Issue →

January 15, 2024

In this issue:

  1. A Robot the Size of the World
  2. Police Get Medical Records without a Warrant
  3. OpenAI Is Not Training on Your Dropbox Documents — Today
  4. GCHQ Christmas Codebreaking Challenge
  5. Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists
  6. Data Exfiltration Using Indirect Prompt Injection
  7. Ben Rothke’s Review of A Hacker’s Mind
  8. Google Stops Collecting Location Data from Maps
  9. New iPhone Security Features to Protect Stolen Devices
  10. AI and Lossy Bottlenecks
  11. AI Is Scarily Good at Guessing the Location of Random Photos
  12. TikTok Editorial Analysis
  13. Facial Recognition Systems in the US
  14. New iPhone Exploit Uses Four Zero-Days
  15. Improving Shor’s Algorithm
  16. Second Interdisciplinary Workshop on Reimagining Democracy
  17. PIN-Stealing Android Malware
  18. Facial Scanning by Burger King in Brazil
  19. Pharmacies Giving Patient Records to Police without Warrants
  20. On IoT Devices and Software Liability
  21. Upcoming Speaking Engagements
Read This Issue →
← 2023Calendar

Sidebar photo of Bruce Schneier by Joe MacInnis.