If you're serious about encryption, keep control of your encryption keys //
If you think using Microsoft's BitLocker encryption will keep your data 100 percent safe, think again. Last year, Redmond reportedly provided the FBI with encryption keys to unlock the laptops of Windows users charged in a fraud indictment. //
BitLocker is a Windows security system that can encrypt data on storage devices. It supports two modes: Device Encryption, a mode designed to simplify security, and BitLocker Drive Encryption, an advanced mode.
For either mode, Microsoft "typically" backs up BitLocker keys to its servers when the service gets set up from an active Microsoft account. "If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online," the company explains in its documentation. //
Microsoft provides the option to store keys elsewhere. Instead of selecting "Save to your Microsoft Account," customers can "Save to a USB flash drive," "Save to a file," or "Print the recovery key." //
Apple offers a similar device encryption service called FileVault, complemented by its iCloud service. The iCloud service also offers an easy mode called "Standard data protection" and "Advanced Data Protection for iCloud."
After repeatedly denying for weeks that his force used AI tools, the chief constable of the West Midlands police has finally admitted that a hugely controversial decision to ban Maccabi Tel Aviv football fans from the UK did involve hallucinated information from Microsoft Copilot. //
Making it worse was the fact that the West Midlands Police narrative rapidly fell apart. According to the BBC, police claimed that the Amsterdam football match featured “500-600 Maccabi fans [who] had targeted Muslim communities the night before the Amsterdam fixture, saying there had been ‘serious assaults including throwing random members of the public’ into a river. They also claimed that 5,000 officers were needed to deal with the unrest in Amsterdam, after previously saying that the figure was 1,200.”
Amsterdam police made clear that the West Midlands account of bad Maccabi fan behavior was highly exaggerated, and the BBC recently obtained a letter from the Dutch inspector general confirming that the claims were inaccurate.
But it was one flat-out error—a small one, really—that has made the West Midlands Police recommendation look particularly shoddy. In a list of recent games with Maccabi Tel Aviv fans present, the police included a match between West Ham (UK) and Maccabi Tel Aviv. The only problem? No such match occurred.
"So one of the things that we're seeing is the whole movement away from passwords to passkeys – a certificate-based authentication wrapped in a usability shrink wrap," Forrester VP and analyst Andras Cser told The Register.
Passkeys are typically what security folks mean when they say "phishing-resistant MFA." They replace passwords, and instead use cryptographic key pairs with the public key stored on the server and the private key – such as the user's face, fingerprints, or PIN – stored on the user's device.
On a sunny morning on October 19 2025, four men allegedly walked into the world’s most-visited museum and left, minutes later, with crown jewels worth 88 million euros ($101 million). The theft from Paris’ Louvre Museum—one of the world’s most surveilled cultural institutions—took just under eight minutes.
Visitors kept browsing. Security didn’t react (until alarms were triggered). The men disappeared into the city’s traffic before anyone realized what had happened.
Investigators later revealed that the thieves wore hi-vis vests, disguising themselves as construction workers. They arrived with a furniture lift, a common sight in Paris’s narrow streets, and used it to reach a balcony overlooking the Seine. Dressed as workers, they looked as if they belonged.
This strategy worked because we don’t see the world objectively. We see it through categories—through what we expect to see. The thieves understood the social categories that we perceive as “normal” and exploited them to avoid suspicion. Many artificial intelligence (AI) systems work in the same way and are vulnerable to the same kinds of mistakes as a result.
The sociologist Erving Goffman would describe what happened at the Louvre using his concept of the presentation of self: people “perform” social roles by adopting the cues others expect. Here, the performance of normality became the perfect camouflage. //
Iphtashu Fitz Ars Tribunus Militum
Derecho Imminent said:
It could be argued that people ignored them not because of conformity, but because of class structure.
I think it largely is conformity. There are plenty of other examples of successful crooks/robberies/etc. that took advantage of conformity:
- The Isabella Stewart Gardner Museum art heist started with phony Boston Police officers knocking on the door.
- The Belfast, Ireland bank heist in 2004 was similarly perpetrated by phony police officers.
- Frank Abagnale claims to have impersonated a pilot, a lawyer, and other professions to con people in the 1960s and 70s.
- The Banco Central Heist in Brazil involved a "gardening" business that opened up right next to the bank to hide the digging of a tunnel into the bank. It took 3 months to dig the tunnel.
All of these used social engineering tactics at different levels of class structure to perform their respective robberies. You can find plenty of other robberies along these lines with a little bit of effort.
New design sets a high standard for post-quantum readiness.
Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willison’s lethal trifecta, it’s vulnerable to data theft through prompt injection.
First, the trifecta:
The lethal trifecta of capabilities is:
- Access to your private data—one of the most common purposes of tools in the first place!
- Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM
- The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)
This is, of course, basically the point of AI agents. //
The fundamental problem is that the LLM can’t differentiate between authorized commands and untrusted data. So when it encounters that malicious pdf, it just executes the embedded commands. And since it has (1) access to private data, and (2) the ability to communicate externally, it can fulfill the attacker’s requests. I’ll repeat myself:
This kind of thing should make everybody stop and really think before deploying any AI agents. We simply don’t know how to defend against these attacks. We have zero agentic AI systems that are secure against these attacks. Any AI that is working in an adversarial environment—and by this I mean that it may encounter untrusted training data or input—is vulnerable to prompt injection. It’s an existential problem that, near as I can tell, most people developing these technologies are just pretending isn’t there.
Shootings at houses of worship and religious schools are happening at an alarming rate. I’m not just talking about Christian churches either; assailants have hit synagogues and Mormon congregations as well. As I write this, news of a stabbing attack at a synagogue in the UK on Yom Kippur is fresh on my mind as well.
What are churches to do? I’ve never been one to call for gun control and never will be — besides, the UK’s gun-grabbing fanaticism has only made stabbings more of a threat, as the Yom Kippur attack demonstrates. //
“Reverend, if you’re going to reprimand me, at least let me indulge my habit of quoting scripture and dead philosophers, after all somebody has to keep Augustine from rolling in his grave. Our Lord said ‘But now, if you have a purse, take it, and also a bag; and if you don't have a sword, sell your cloak and buy one.’
Also, Thomas Aquinas wrote in his Summa Theologica: ‘one who defends his life is not guilty of murder, even if he is forced to deal a fatal blow, for it is preferable to defend oneself than to submit to the will of evildoers.’
And as Edmund Burke famously reminded us: ‘The only thing necessary for the triumph of evil is for good men to do nothing.’
But, Reverend, I want to be clear: I’m not standing guard. I’m just sitting in the pews like everyone else—albeit with a little extra peace of mind under my jacket in case trouble finds us.” And I patted my hip holster.
On Thursday, two Republican Senators, Mike Lee (R-UT) and Tommy Tuberville (R-AL), revealed a bill that would abolish the Transportation Security Administration (TSA) in favor of private security at the nation's airports and other secure venues. //
The measure would officially abolish the TSA three years after being enacted into law, which the senators believe would provide time for security needs to be privatized. //
"The TSA should be eliminated and replaced with privatized solutions that are more targeted, streamlined, and where appropriate accountable to limited government oversight," he added.
The senators specifically denote in the legislation that the reorganization plan can't require private security companies to do warrantless searches or extend the TSA in any way. //
Private security firms, arranged by the local airports' management, have the advantage of being accountable. Screw-ups can lead to a company losing a lucrative contract, so there is a strong incentive to be effective. TSA, as with any bureaucracy paid for by taxpayer dollars, has no such incentive.
“We don’t think he acted alone,” Hagmann told The Post. “This took a lot of coordination. In my view, Crooks was handled by more than one individual and he was used for this [assassination attempt]. And I wouldn’t preclude the possibility that there were people at the rally itself helping him.” //
Hagmann's argument about the need for "a lot of coordination" appears to be mere assertion; he has no evidence, or, at least, none he presents in the account. //
Rep. Clay Higgins (R-La.) — part of a bipartisan task force looking into Crooks’ actions and his death — found that although a Secret Service sniper took him down with the kill shot, it was a local SWAT officer who made the shot that initially took him down — something the FBI did not report at the time. //
Higgins, who has also been investigating Crooks’ assassination attempt for months, has not seen Hagmann’s geofencing data but downplayed its significance. He told The Post he believes Crooks acted alone and there was no conspiracy. However, he also said the FBI continually obstructed his investigation. //
Of course, it's difficult for the saner among us to comprehend what might set off someone like this. As the late, great Paul Harvey used to say when describing the acts of some criminal goblin, "If you could understand it, we'd have to worry about you."
Bad actors can now digitally impersonate someone you love, and trick you into doing things like paying a ransom.
To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons.
This is how it works:
- Two people, Person A and Person B, sit in front of the same computer and open this page;
- They input their respective names (e.g. Alice and Bob) onto the same page, and click "Generate";
- The page will generate two TOTP QR codes, one for Alice and one for Bob;
- Alice and Bob scan the respective QR code into a TOTP mobile app (such as Authy or Google Authenticator) on their respective mobile phones;
- In the future, when Alice speaks with Bob over the phone or over video call, and wants to verify the identity of Bob, Alice asks Bob to provide the 6-digit TOTP code from the mobile app. If the code matches what Alice has on her own phone, then Alice has more confidence that she is speaking with the real Bob.
Note that this depends on both Alice's and Bob's phones being secure. If somebody steals Bob's phone and manages to bypass the fingerprint or PIN or facial recognition of Bob's phone, then all bets are off.
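The scheme above, sketched as an added example (this is not the code behind the page it describes): one shared secret, two `otpauth://` provisioning URIs of the kind a TOTP QR code carries, and the check Alice performs on the code Bob reads out. It assumes both QR codes carry the same secret and that the apps use the common defaults (HMAC-SHA1, 6 digits, 30-second step); the issuer name `PairVerify` and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote, urlencode

STEP = 30    # seconds each code is valid for (authenticator-app default)
DIGITS = 6   # length of the code read out over the phone


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, at: float) -> str:
    """RFC 6238: HOTP with the counter set to the number of elapsed steps."""
    return hotp(secret, int(at) // STEP)


def provisioning_uri(secret: bytes, label: str, issuer: str) -> str:
    """Build the otpauth:// URI that would be rendered as a QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    query = urlencode({"secret": b32, "issuer": issuer,
                       "algorithm": "SHA1", "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{quote(issuer)}:{quote(label)}?{query}"


def enroll_pair(name_a: str, name_b: str, issuer: str = "PairVerify"):
    """Generate one random secret and a URI for each person's phone.

    Assumption: each phone stores the same secret, labelled with the
    other person's name, so both apps show the same code.
    """
    secret = secrets.token_bytes(20)  # 160 bits, the SHA-1 block of RFC 4226
    return secret, {
        name_a: provisioning_uri(secret, name_b, issuer),
        name_b: provisioning_uri(secret, name_a, issuer),
    }


def verify_spoken_code(secret: bytes, spoken: str, at=None, window: int = 1) -> bool:
    """Check a code read aloud, tolerating spaces and +/- `window` steps."""
    at = time.time() if at is None else at
    code = "".join(spoken.split())
    if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return False
    current = int(at) // STEP
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        # compare_digest avoids leaking how many digits matched
        ok |= hmac.compare_digest(hotp(secret, counter), code)
    return ok


if __name__ == "__main__":
    secret, uris = enroll_pair("Alice", "Bob")
    for owner, uri in uris.items():
        print(f"QR for {owner}'s phone: {uri}")
    now = time.time()
    print("Bob reads out:", totp(secret, now))
    print("Alice accepts:", verify_spoken_code(secret, totp(secret, now), at=now))
```

Accepting adjacent time steps gives Bob time to read the code aloud, at the cost of keeping a spoken code valid for up to a minute longer.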
Elon Musk @elonmusk
I’ve had a top secret clearance for many years and have clearances that themselves are classified.
That said, FAR too much information is made “classified”. If something is easily found online or patently obvious, it should NOT be classified. This impedes effective communication within the government.
TONY™ @TONYxTWO
This moment from the USAID House Hearing is 🔥🔥🔥!!!
“@elonmusk does have a security clearance, he has a top secret security clearance, by God he makes the rockets for NASA! But the suggestion that he somehow can’t be trusted to dig in to how we’re spending our money is nothing…
6:10 AM · Feb 14, 2025. //
- FOIA Exemption 1 (5 U.S.C. § 552(b)(1)) – This exemption protects information that is classified under Executive Order 13526 (or its successors) for national security reasons. Security clearance information often falls under this exemption because it involves classified material.
During a Pennsylvania trip, Secret Service agents spotted a drone tracking Trump’s motorcade—they opened the moonroof and took it down with an electromagnetic gun.
President Donald Trump is taking further action against the 50 former intelligence officials who falsely suggested Hunter Biden’s laptop was “part of a Russian disinformation campaign,” instructing agencies to also ban those individuals from stepping foot in secure U.S. government facilities, according to a memo obtained by The Daily Wire.
The Jan. 29 cabinet memorandum, first obtained by The Daily Wire, expands Trump’s day-one executive order, which revoked the security clearance for the 50 individuals. Sent “on behalf of the President,” it orders the country’s top national security agencies to “revoke unescorted access to secure U.S. Government facilities from the 50 former intelligence officials named in the Executive Order.” //
NorCalGC
6 hours ago
This seems to suggest that one or more on the list visited a secure facility after they had their security clearances revoked. //
It’s a dry heat
5 hours ago
"despite the fact they had no solid evidence to support that conclusion."
That suggests they had some "evidence" but it just wasn't "solid." The truth is far more damning. They not only didn't have any "solid evidence," but that they had no evidence at all, and what evidence there was established precisely the contrary. There was ample evidence, solid, concrete, irrefutable and otherwise, that the Hunter laptop was genuine and that its owner was a genuine criminal, drug addled dipwad. //
GBenton
5 hours ago edited
Trump should have a gallows built with 51 nooses just to send a message to the traitors.
Getting your hall passes yanked is getting off far easier than you deserve.
What happened in 2020 was beyond election interference. It was a color revolution and with China and Iran and other nations involved I'd argue they are guilty of treason.
They may not actually be publicly hanged but in an earlier era they know they could have and they should be reminded of that.
In the last 20 years or so people got waaaay too comfortable engaging in treasonous and anti-American activities and that really does need to stop.
How hard they need to learn that lesson is up to them for now.
Is this too harsh of language? Welp, they tried to imprison Trump after convicting him of made up crimes and then they tried assassination - and they stole the last election.
I'd argue that not being clear about the boundaries is how we got where we are.
Keep in mind, we won in 2024 but if we'd lost the country would have been lost or we might have had to fight our way back to freedom. It's all fun and games until the Marxists consolidate power and we MUST never let that happen.
We won the Cold War. If WE became the force for Communism around the world humanity is basically over.
Play time for traitors is over. And Trump appears to be serious about making the necessary reforms and kicking out the bad actors. Full disclosure of what they did is next, IMO.
GBenton NavyVet
an hour ago
How I really feel is we need to make people fear the consequences of betraying the people and engaging in sedition, corruption, and yes, treason. There's a long list of folks who did all of the above who are used to being rewarded for it and they need to get their minds right.
I'm being somewhat tongue in cheek about the gallows, somewhat, since these cretins got Americans imprisoned and even killed during the Biden years in an illegitimate presidency that could have sent our nation into an age of darkness.
Call me crazy, but we really need to make sure that never happens again and bad actors respond to consequences so examples need to be made. Destroy their reputations, strip their access to power and money (already in progress), and yeah, some of them belong in prison - shunned from society, cautionary tales to future scumbags who consider selling out our country for money and power.
The only people who pay a price in this country are the law abiding citizens who believe in our Founding values - that has to change or one day we'll wake up and not have a country.
wvcitizen
3 days ago
A Secret Service agent fired multiple shots at this guy at close range and missed him clean. Seems he was supposed to get away. But a person took a pic of his license plates and called 911. Local law enforcement picked him up. Don’t think that was supposed to happen. Now there is a mess that has to be cleaned up before he sings. Let’s see how this works out. //
TheAmericanExperiment
3 days ago
The Feds were behind both assassination attempts.
Crooks was supposed to get off kill shot before being taken out by the counter snipers who were there for that express purpose.
Routh was supposed to get away but ran afoul of an alert citizen with a camera.
The Feds need to maintain total control over Routh and that means maintain physical possession of him. As long as they maintain physical possession of him he knows that one false move will get him Epsteined. If Florida is able to proceed with their case they get the chance to speak with him privately. I'd love to be a fly on that wall.
Can't get Kash into the bureau soon enough.
The House Task Force on the Attempted Assassination of Donald J. Trump released its final report on Tuesday. The report covers the July 13 wounding of President-elect Trump at Butler, Pennsylvania, and the September 15 assassination attempt in West Palm Beach, Florida. //
So, the Secret Service was notified at 2:30 a.m. that Trump would play golf. He arrived at the golf course around 11 a.m. At 1:30 p.m., Trump having been on the golf course for about two hours, the Secret Service is conducting its preliminary sweep of the golf course boundary and discovers the shooter. The shooter, Ryan Wesley Routh, had been in his shooting position since 1:59 a.m. This latter data point is not mentioned in the report.
I'm not a highly trained Secret Service agent; I'm just a dumb sh** infantryman from Southside Virginia, but if I'd been given that mission, I would have conducted a preliminary sweep of the golf course sometime after dawn, placed observation posts at key spots and then done a rolling sweep after the golf party started moving. I would not have started my first pass over the golf course as Trump was playing through.
But it gets a lot better. //
The agent who discovered Routh fired six rounds (they think) at the gunman from a distance of five feet, scoring a perfect goose egg. //
How does any human miss a target basically within arm's reach? How do you get within five feet of a gunman without seeing anything (rhetorical question: you probably have your earbuds in, listening to tunes or a podcast, and daydreaming about what you're going to do when you get off shift)? And how, in the name of all that is Holy, can't you definitively tell how many rounds were fired? "[B]elieved six shots in total were fired" is NOT a number. Don't they keep track of ammunition in the Secret Service? Don't they have an SOP for loading magazines? How will "final ballistics" help determine this if you apparently don't know how many rounds you started out with? //
The Secret Service is a broken organization. A shameful performance by Director Kimberly Cheatle at a congressional hearing (BREAKING: Secret Service Director Kimberly Cheatle Resigns After Disastrous Hearing – RedState) and the juvenile "I'm a public servant" rant by Acting Director Ronald Rowe last week (MUST SEE: Screaming Fight Between GOP Rep, Secret Service Director at Trump Assassination Attempt Hearing) are just the most visible indicators of an organization that is just not capable of carrying out its mission of protecting the president.
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
"Put simply, the evidence obtained by the Task Force to date shows the tragic and shocking events of July 13 were preventable and should not have happened."
Those stark words are contained in a damning House Task Force report about the Butler, Pennsylvania, assassination attempt against former president and current Republican presidential nominee Donald Trump. //
The report also points to logistical issues – particularly on the part of USSS – in the hours before the rally took place. For instance, there were two command centers set up for the event, with a witness testifying that no one from the Butler Police Department was invited to the USSS’ hub. //
Roughly an hour after the local officers first noticed Crooks, the would-be assassin fired eight shots into the rally, hitting Trump and the three attendees before being killed by a Secret Service sniper. //
"To date, the Task Force has not received any evidence to suggest that message reached the former President’s USSS detail prior to shots fired," the report said.
The report also quoted a witness from the Butler County Emergency Services United (ESU) whose account of shooting Crooks appears to undercut the USSS’s assertion that one of its snipers killed the gunman.
"He fired a single shot from a standing position at Crooks, who was in a prone position on the roof. Butler ESU Witness 5 told the Task Force that he believes his shot hit Crooks," the report said.
In an added — and some might say ironic — twist, per CNN, Routh's case was assigned to Judge Aileen Cannon, the same U.S. District Court judge overseeing the classified documents case filed by the DOJ against Trump. (Cannon's name is present on the indictment, which may be viewed below — the preliminary proceedings were handled by Magistrate Judge Ryon McCabe.) //
GBenton
3 hours ago
That's beautiful. The dirtbag got a Trump appointed judge in Florida. If Bongino is correct and there is much more to this story in regards to Iran and assassins and the Biden/Harris clownshow, Cannon is the judge for the job, IMO.
Her handling of the Documents case was masterful, to my non-lawyer eyes.
She's the judge for the Federal charges. If DeSantis's state level charges are brought, I'm assuming they'd be handled in a state level court and not Cannon but I'd be glad to be wrong about that.
Clive Robinson • September 18, 2024 6:25 PM
@ ALL //
Even if never actively triggered all bombs are “unstable with time” and although they don’t have a predictable half life they do break down with time at a rate often depending on the environment. The only real question is how they break down…
Remember “blasting oil” was not safe until “Dynamite” temporarily tamed it with clay. But dynamite “sweats” not just with temperature but other stressors including time. Thus the blasting oil comes out and is highly unstable again, and can easily act as a vibration sensitive detonator to the dynamite it is on plus any other “sticks” in close enough proximity.
Oh and just for fun, look up Victorian “Exploding Billiard Balls” it happens due to instability in nitro cellulose which over time becomes increasingly explosive…
Just remember it was also used for piano keys as well, so a grand crescendo on a historic instrument could have a more explosive finish than either the pianist or audience expect…
One handwritten letter, addressed to “The World,” stated, among other things, “This was an assassination attempt on Donald Trump but I failed you. I tried my best and gave it all the gumption I could muster. It is up to you now to finish the job; and I will offer $150,000 to whomever can complete the job.” //
Barr said in a statement to Fox News Digital:
I was dumbfounded that the DOJ made public this morning the contents of the letter that, Ryan Routh, left with an acquaintance prior to the attempted assassination of former President Trump
Even if DOJ thought it important to provide the letter to the court, it could have redacted inflammatory material or arranged to have the letter submitted under seal. It was rash to put out this letter in the midst of an election during which two attempts on the life of President Trump had been made.
"It served no purpose other than to risk inciting further violence," he added. //
anon-7lqi
39 minutes ago
Which are we to believe:
The Secret Service and DoJ are suddenly hopelessly incompetent and negligent
or
The Secret Service and DoJ knowingly and willfully pulled back protective resources and put their least competent staff on Trump