AT2k Design BBS Message Area
From: Sean Rima
To: All
Subject: CRYPTO-GRAM, May 15, 2025
Date/Time: May 15, 2025 12:39 PM

Crypto-Gram
May 15, 2025

by Bruce Schneier
Fellow and Lecturer, Harvard Kennedy School
schneier@schneier.com
https://www.schneier.com

A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit Crypto-Gram's web page.

Read this issue on the web

These same essays and news items appear in the Schneier on Security blog, along
with a lively and intelligent comment section. An RSS feed is available.

** *** ***** ******* *********** *************

In this issue:

If these links don't work in your email client, try reading this issue of
Crypto-Gram on the web.

Slopsquatting
CVE Program Almost Unfunded
Age Verification Using Facial Scans
Android Improves Its Security
Regulating AI Behavior with a Hypervisor
New Linux Rootkit
Cryptocurrency Thefts Get Physical
Windscribe Acquitted on Charges of Not Collecting Users' Data
Applying Security Engineering to Prompt Injection Security
WhatsApp Case Against NSO Group Progressing
US as a Surveillance State
NCSC Guidance on "Advanced Cryptography"
Privacy for Agentic AI
Another Move in the Deepfake Creation/Detection Arms Race
Fake Student Fraud in Community Colleges
Chinese AI Submersible
Florida Backdoor Bill Fails
Court Rules Against NSO Group
Google's Advanced Protection Now on Android
Upcoming Speaking Engagements
AI-Generated Law

** *** ***** ******* *********** *************

Slopsquatting

[2025.04.15] As AI coding assistants invent nonexistent software libraries to
download and use, enterprising attackers create and upload libraries with those
names -- laced with malware, of course.

EDITED TO ADD (1/22): Research paper. Slashdot thread.

** *** ***** ******* *********** *************

CVE Program Almost Unfunded

[2025.04.16] Mitre's CVE program -- which provides common naming and other
informational resources about cybersecurity vulnerabilities -- was about to be
cancelled, as the US Department of Homeland Security failed to renew the
contract. It was funded for eleven more months at the last minute.

This is a big deal. The CVE program is one of those pieces of common
infrastructure that everyone benefits from. Losing it will bring us back to a
world where there's no single way to talk about vulnerabilities. It's kind
of crazy to think that the US government might damage its own security in this
way -- but I suppose no crazier than any of the other ways the US is working
against its own interests right now.

Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the
end to the CVE program as "tragic," a sentiment echoed by many cybersecurity
and CVE experts reached for comment.

"CVE naming and assignment to software packages and versions are the
foundation upon which the software vulnerability ecosystem is based,"
Romanosky said. "Without it, we can't track newly discovered
vulnerabilities. We can't score their severity or predict their exploitation.
And we certainly wouldn't be able to make the best decisions regarding
patching them."

Ben Edwards, principal research scientist at Bitsight, told CSO, "My reaction
is sadness and disappointment. This is a valuable resource that should
absolutely be funded, and not renewing the contract is a mistake."

He added, "I am hopeful any interruption is brief and that if the contract
fails to be renewed, other stakeholders within the ecosystem can pick up where
MITRE left off. The federated framework and openness of the system make this
possible, but it'll be a rocky road if operations do need to shift to another
entity."

More similar quotes in the article.

My guess is that we will somehow figure out how to transition this program to
continue without the US government. It's too important to be at risk.

EDITED TO ADD: Another good article.

** *** ***** ******* *********** *************

Age Verification Using Facial Scans

[2025.04.17] Discord is testing the feature:

"We're currently running tests in select regions to age-gate access to
certain spaces or user settings," a spokesperson for Discord said in a
statement. "The information shared to power the age verification method is
only used for the one-time age verification process and is not stored by Discord
or our vendor. For Face Scan, the solution our vendor uses operates on-device,
which means there is no collection of any biometric information when you scan
your face. For ID verification, the scan of your ID is deleted upon
verification."

I look forward to all the videos of people hacking this system using various
disguises.

** *** ***** ******* *********** *************

Android Improves Its Security

[2025.04.22] Android phones will soon reboot themselves after sitting idle for
three days. iPhones have had this feature for a while; it's nice to see Google
add it to their phones.

** *** ***** ******* *********** *************

Regulating AI Behavior with a Hypervisor

[2025.04.23] Interesting research: "Guillotine: Hypervisors for Isolating
Malicious AIs."

Abstract: As AI models become more embedded in critical sectors like finance,
healthcare, and the military, their inscrutable behavior poses ever-greater
risks to society. To mitigate this risk, we propose Guillotine, a hypervisor
architecture for sandboxing powerful AI models -- models that, by accident or
malice, can generate existential threats to humanity. Although Guillotine
borrows some well-known virtualization techniques, Guillotine must also
introduce fundamentally new isolation mechanisms to handle the unique threat
model posed by existential-risk AIs. For example, a rogue AI may try to
introspect upon hypervisor software or the underlying hardware substrate to
enable later subversion of that control plane; thus, a Guillotine hypervisor
requires careful co-design of the hypervisor software and the CPUs, RAM, NIC,
and storage devices that support the hypervisor software, to thwart side channel
leakage and more generally eliminate mechanisms for AI to exploit
reflection-based vulnerabilities. Beyond such isolation at the software,
network, and microarchitectural layers, a Guillotine hypervisor must also
provide physical fail-safes more commonly associated with nuclear power plants,
avionic platforms, and other types of mission critical systems. Physical
fail-safes, e.g., involving electromechanical disconnection of network cables,
or the flooding of a datacenter which holds a rogue AI, provide defense in depth
if software, network, and microarchitectural isolation is compromised and a
rogue AI must be temporarily shut down or permanently destroyed.

The basic idea is that many of the AI safety policies proposed by the AI
community lack robust technical enforcement mechanisms. The worry is that, as
models get smarter, they will be able to avoid those safety policies. The paper
proposes a set of technical enforcement mechanisms that could work against these
malicious AIs.

** *** ***** ******* *********** *************

New Linux Rootkit

[2025.04.24] Interesting:

The company has released a working rootkit called "Curing" that uses
io_uring, a

--- BBBS/LiR v4.10 Toy-7
 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1)