
Posts by Schneier on Security

Friday Squid Blogging: Squid Overfishing in the South Pacific

Regulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets pursue species ranging from jack mackerel to jumbo flying squid. The latter dominated this year's talks.

1 day ago
Sen. Sanders Talks to Claude About AI and Privacy

Claude is actually pretty good on the issues.

1 day ago
On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing the system's overall security posture," according to an internal government report reviewed by ProPublica. Or, as one member of the team put it: "The package is a pile of shit."

2 days ago
Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module. There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them.

3 days ago
Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand — a spreadsheet, for example — and delete it when you’re done using it than to buy one commercially.

4 days ago
Hong Kong Police Can Force You to Reveal Your Encryption Keys

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc. -- even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law.

4 days ago
New Mexico’s Meta Ruling and Encryption

Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the "design choices create liability" framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it leads in practice. One of the key pieces of evidence the New Mexico attorney general used against Meta was the company’s 2023 decision to add end-to-end encryption to Facebook Messenger.

5 days ago
Google Wants to Transition to Post-Quantum Cryptography by 2029

Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread.

5 days ago
Friday Squid Blogging: Jurassic Fish Chokes on Squid

Here's a fossil of a 150-million year old fish that choked to death on a belemnite rostrum: the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.

1 week ago
Company that Secretly Records and Publishes Zoom Meetings

WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn't use the Zoom record feature, so Zoom can't do anything about it.

1 week ago
US Bans All Foreign-Made Consumer Routers

This is for new routers; you don't have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce "a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense" and (2) pose "a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S.

1 week ago
Possible US Government iPhone Hacking Tool Leaked

Wired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers.

1 week ago
Is “Hackback” Official US Cybersecurity Strategy?

The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities." This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations.

1 week ago
A Taxonomy of Cognitive Security

Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but -- even better -- Melton has a long essay laying out the basic concepts and ideas. The whole thing is important and well worth reading, and I hesitate to excerpt. Here's a taste:

1 week ago
Inventors of Quantum Cryptography Win Turing Award

Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it's largely unnecessary. I wrote up my thoughts back in 2008, in an essay titled "Quantum Cryptography: As Awesome As It Is Pointless."

1 week ago
Apple’s Camera Indicator Lights

A thoughtful review of Apple's system to alert users that the camera is on. It's really well-designed, and important in a world where malware could surreptitiously start recording. The reason it's tempting to think that a dedicated camera indicator light is more secure than an on-display indicator is the fact that hardware is generally more secure than software, because it's harder to tamper with.

1 week ago
Friday Squid Blogging: Bioluminescent Bacteria in Squid

The Hawaiian bobtail squid has bioluminescent bacteria.

2 weeks ago
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associations concerned about AI's harms who have spent years pushing for state regulation.

2 weeks ago
Sen. Wyden Warns of Another Section 702 Abuse

Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance.

2 weeks ago
Team Mirai and Democracy

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.

2 weeks ago
Microsoft Xbox One Hacked

It's an impressive feat, over a decade after the box was released: Since reset glitching wasn't possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system reset pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn't 'see' into the Xbox One, so had to develop new hardware introspection tools.

2 weeks ago
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific

The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.

3 weeks ago
Proton Mail Shared User Information with the Police

404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It's metadata -- payment information related to a particular account -- but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.

3 weeks ago
Hacking a Robot Vacuum

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that.

3 weeks ago
Meta’s AI Glasses and Privacy

Surprising no one, Meta's new AI glasses are a privacy disaster. I'm not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby.

3 weeks ago
South Korean Police Accidentally Post Cryptocurrency Wallet Password

An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea's National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth 8.1 billion won (currently approximately $5.6 million).

3 weeks ago
Possible New Result in Quantum Factorization

I'm skeptical about -- and not qualified to review -- this new result in factorization with a quantum computer, but if it's true it's a theoretical improvement in the speed of factoring large numbers with a quantum computer.

3 weeks ago
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026. I’m speaking at RSAC 2026 in San Francisco, California, USA, on Wednesday, March 25, 2026. I’m part of an event on “Canada and AI Sovereignty,” hosted by the University of Toronto’s…

4 weeks ago
Friday Squid Blogging: Increased Squid Population in the Falklands

Some good news: squid stocks seem to be recovering in the waters off the Falkland Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.

4 weeks ago
Academia and the “AI Brain Drain”

In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers (see go.nature.com/3lzf79q). Moreover, these firms are spending lavishly on one particular segment: top technical talent. Meta reportedly offered a single AI researcher, who had cofounded a start-up firm focused on training AI agents to use computers, a compensation package of $250 million over four years (see…

4 weeks ago