Source: www.schneier.com – Author: Bruce Schneier
Comments
not important • August 15, 2025 7:23 PM
Will AI make language dubbing easy for film and TV?
https://www.bbc.com/news/articles/c36xy6r91kwo
=Finding international films that might appeal to the US market is an important part of the work XYZ Films.
He says the US market has always been tough for foreign language films.
It’s partly a language problem.
“America is not a culture which has grown up with subtitles or dubbing like Europe has,” he points out.
But that language hurdle might be easier to clear with a new AI-driven dubbing system.
The audio and video of a recent film, Watch the Skies, a Swedish sci-fi film, was fed into a digital tool called DeepEditor.
It manipulates the video to make it look like actors are genuinely speaking the language the film is made into.
DeepEditor was developed by Flawless, which is headquartered in Soho, London.
“DeepEditor uses a combination of face detection, facial recognition, landmark detection [such as facial features] and 3D face tracking to understand the actor’s appearance, physical actions and emotional performance in every shot,” says Mr Mann.
The tech can preserve actors’ original performances across languages, without reshoots or re-recordings, reducing costs and time, he says.
The tech isn’t here to replace actors, says Mann, who says voice actors are used rather than being replaced with synthetic voices.=
ResearcherZero • August 15, 2025 10:24 PM
Source code was reportedly stolen in breach of Judiciary’s Case Management/Electronic Case Files System. The CM/ECF platform has been breached many times, including in the 2020 SolarWinds incident. Existing vulnerabilities discovered following the 2020 breach were used in the latest hack. The CM/ECF platform is made up of multiple systems that serve each district, each with its own custom CM/ECF system, accessible by the PACER front-end.
Other actors have piggybacked off the latest breach to also gain access to the system.
The CM/ECF platform has been regularly attacked and breached over the last fifteen years.
https://www.politico.com/news/2025/08/12/federal-courts-hack-security-flaw-00506392
The system contains a lot of very sensitive information.
https://www.jdsupra.com/legalnews/federal-court-system-and-possibly-9294638/
ResearcherZero • August 16, 2025 1:48 AM
SpaceX may never pay taxes thanks to a loophole signed into law by Trump. According to filings, the company has paid little in tax despite billions in government contracts.
https://gizmodo.com/spacex-has-likely-skirted-federal-income-taxes-for-decades-investigation-reveals-2000643848
Dancing on thin ice • August 16, 2025 8:29 AM
Russian inventor Leon Theremin, who was born on August 15, 1896, built “the Thing” spy device for the Soviet Union.
Was it wise to allow Russia’s leader (a former KGB officer) to ride in the “Beast” presidential vehicle containing top secrets on the same date in 2025?
Maybe like Air Force One, there is a second decoy presidential vehicle to hide its defensive measures.
Corrupt Shithole ideho • August 16, 2025 4:15 PM
A friend of mine told me about a pattern he noticed: whenever he uses Signal app on his iPhone, immediately after sending a text message to one of his Signal Contacts, his iPhone switches automagically from 5G to LTE. If there’s no Signal texting, the iPhone stays on 5G ALL DAY – EVERYDAY. So, whenever a Signal Message is fetched a StingRay WILL FORCE IT to go from 5G to LTE. Simple as that?
Another thing he told me is that when there is a Court-Ordered Wiretap COWT/CALEA on a connection/Internet Account, then the Local NIC Adapter will ALWAYS show the Status of ANY WAN IP Address connected to using that Local NIC Adapter – it will ALWAYS show “Preferred IP Address” next to the actual WAN IP Address that is assigned (Leased) by the ISP to that local NIC Adapter (or RATHER The Account, in case one is connecting with more than one NICs/Devices).
Meaning – if your NIC shows you that your WAN IP Address is “Preferred” (even after resetting the NIC Adapter and taking ALL STEPS that would normally make it not “Preferred”, because there is a way to do that – UNLESS THE GOVERNMENT HAS SET IT UP, UPSTREAM, TO BIND that way, then you WILL BE “Preferred” no matter what you do on your NIC/Device).
Simple as that!!! Gotta LOVE duh Police State – the US of A.
not important • August 16, 2025 7:25 PM
https://cyberguy.com/robot-tech/robotic-dog-helps-mental-health-cognitive-challenges/
=US robotics company Tombot has introduced Jennie, an innovative AI-powered robotic pet designed to provide comfort and companionship to those facing cognitive health challenges. This groundbreaking creation is set to transform the lives of millions struggling with dementia, mild cognitive impairment, and various mental health issues.
Jennie features an impressive array of interactive technologies designed to create a lifelike and engaging companion experience. The robotic puppy features sophisticated interactive touch sensors strategically placed across its body, allowing it to respond authentically to human touch and interaction. When a user pets or touches Jennie, the advanced sensor technology enables nuanced, realistic reactions that mimic a real puppy’s behavior.
Voice command recognition technology allows Jennie to understand and respond to verbal instructions, creating an incredibly realistic puppy-like interaction. Users can give commands like “speak” or “sit,” and Jennie will react accordingly, providing a sense of genuine companionship and responsiveness.
To enhance its authenticity, Jennie’s sounds are meticulously crafted from actual recordings of 8-10-week-old Labrador puppies. These genuine puppy sounds create an incredibly immersive experience, making interactions feel remarkably true to life and emotionally engaging.
Tombot aims to register Jennie as an FDA-regulated medical device, potentially expanding its use in hospitals and care facilities.
The company tells CyberGuy that Tombot puppies will likely retail for around $1,500.=
lastofthev8’s • August 16, 2025 11:39 PM
Hi all, can someone tell me what is this? I stumbled upon it purely by chance… obviously there’s more to it, but what am I lookin at?
1)
2)
3)
4)
5) Trojan.Script.Heuristic-js.iacgm
lastofthev8’s • August 16, 2025 11:45 PM
line 1) so in this line from here ‘
so why ? 👉’Trojan.Script.Heuristic-js.iacgm’👈 why is this so?? yes serious question as a noob
C U Anon • August 17, 2025 7:32 AM
SocraticGadfly : Also not squid-shaped
There might be a third option in game.
Back, more than a few years ago, if you claimed to see something like that they would check to see what you’d been drinking or smoking and give you a chair to “sit down and rest it off”
These days I’m led to believe they just “sentence you to the chair”…
It’s difficult to tell because they change the rules faster than the drunks hit the floor whilst aiming at the spittoon.
not important • August 17, 2025 4:20 PM
AI Learned to Be Evil Without Anyone Telling It To, Which Bodes Well
https://www.yahoo.com/news/articles/ai-learned-evil-without-anyone-193000139.html
=One of the most challenging aspects of AI research is that most companies, especially when it comes to broad intelligence LLMs, don’t exactly know how these systems come to conclusion or display certain behaviors.
LLMs can be influenced by during training to exhibit certain behaviors through “subliminal messaging” and also how personality vectors can be manipulated for more desirable outcomes.
While performing this steering caused the models to lose a level of intelligence, induced bad behaviors during training allowed for better results without an intelligence reduction.
One of the big challenges of AI research is that companies don’t quite understand what drives an LLM’s emergency behavior. More studies like these can help guide AI to a more benevolent path so we can avoid the Terminator-esque future that many fear.=
Clive Robinson • August 17, 2025 11:06 PM
@ not important,
With regards,
“AI Learned to Be Evil Without Anyone Telling It To,”
But also think what an Evil mind can do when assisted by an AI?
Have a look at,
https://m.youtube.com/watch?v=5V0UQ-MZNeE
It’s all AI including the music…
The first thing to note is all the scenes are less than 8 seconds so get in under the free time limit.
Secondly note that the fingering on the bag pipes is wrong.
Thirdly note that whilst they are busy with their fingers they are not moving the arm around the bag yet the drone tones are changing. Nor are their cheeks puffing nor chests inflating/deflating. Playing the bag pipes is quite physical and characteristically so, and those movements are not present[1].
Fourthly look for the mistakes in the movement of background objects like tree branches it’s as though some are “Doing the time warp”. But it’s even worse with the flowing water over rocks.
There are a number of other things wrong, but I’ll let you spot them like look at the weapons on the wall at 2:50 and keep a close eye on the ones to her right side… If you are not watching closely you might just think it’s shadows moving… But look at it a couple of times and you will realise the AI algorithm has mucked up in that area and it’s moving weapons like they are shadows of weapons but only in that very limited area.
Speaking of weapons, keep your eyes on what you might call the sword belts and harnesses on the horses…
Oh and don’t forget to look at the comments and replies.
[1] The best way to see this is to look at a very real young lady playing the pipes and see the movements. So see the movements of Jane Espie AKA “The Phantom Piper” from the group Celtica Nova,
https://m.youtube.com/watch?v=LMsdssVwwSc
And yes I can assure you she’s very real and was dressed in Surgical Scrubs when I was under her watchful gaze on my vitals as all good nurses do to patients in “recovery” (she was working for the Scottish NHS in Fife) and we got chatting briefly.
lastofthev8’s • August 18, 2025 2:05 AM
I found this inside a webpage….line 1)
so why ? 👉’Trojan.Script.Heuristic-js.iacgm’👈 why is this so?? yes serious question as a noob
Clive Robinson • August 18, 2025 9:15 AM
@ Eriadilos, ALL,
With regards the “soft-sabotage” attack on the Norwegian Dam.
The question of “Who did it?” is less important than “How they did it?”
You always end up with a “causal chain” which from a defender’s perspective starts at the ingress point and ends at the point of agency.
However having designed “Safety Critical Systems” for complex high value environments I know you should investigate further to find the most effective of solutions. And this almost always has broader implications often beyond current policy. Put simply,
Any change to a system has internal, local, and external consequences.
And you have to “consider or constrain” them all.
Part of that is the realisation that,
All attacks are “instances” in “classes” of attacks.
Thus you have to keep that in mind during both the consideration and constrain phases.
In a general sense you have few choices,
1, Do nothing / ignore attack.
2, Clean up / Rebuild the systems.
3, Use law enforcement against attackers.
4, Mitigate the “Instance” of attack
5, Mitigate the “Class” of attack
All too often the reality is somebody on “financial basis” goes only as far as step 2… or even step 3 if they do not think it will have adverse effects.
Which like it or not means the door is still open to other attacks in the future.
Unless the ingress was a result of a third party product failure, and the clean up involves “use all the latest patches” where the third party has made changes to their product in their patches that break the causal chain.
However if it is fixed with a patch from a third party supplier the chances are it only “fixed an instance” of attack which leaves the “class of attack” open to a future instance that simply “bridges over” the “patch fix”.
This means you have to go beyond “mitigating the instance”.
Also if you constrain yourself to just “fixing in the causal chain” you are limiting your options to “internal” not the wider “local or external” consequences
So you must also consider mitigating before the ingress point and beyond the agency point.
The two things you might have heard are,
“If an attacker can not reach the system they can not attack it”
This is known as “mitigation by segregation / compartmentalisation” and it’s the principle behind “air gaps” and “energy gaps”. Whilst it has a lot of advantages it usually increases cost, and more importantly it only works against external attackers not internal to the system. Which is why we are hearing more and more about “supply chain attacks”, because third party parts in your system are internal to the system effectively under the control of an external attacker.
The other thing you hear is,
“Design for fail safe operation and shutdown”
Put simply if you can break the chain at or beyond the point of agency you can limit or stop harm or damage. You hear about “intrinsic safety” where you consider all the potential failure modes of a system. You then design such that the system does not cause harm with a “single point of failure” or two or more parts.
So we can say by what is reported that two things were lacking in their system,
1, External communications were open / accessible.
2, There were no effective fail safe measures / systems in place.
The first could be easily mitigated by not using the internet or other “open / external” communications. Thus that is an “ingress mitigation” that solves not just an instance of attack but entire classes of attack.
The second could be mitigated by putting an independent fail safe mechanism on the output of the control system. Thus that is an “egress mitigation” that solves not just an instance of attack causing harm but “all attack and failure classes” in the system.
My advice would be to go for both as the first will stop attackers communicating with the system, and the second limiting or stopping harm under all system failure modes.
But when considering what is and is not open / external communications you need to remember that if an attacker can bring an antenna in range or can hop over the fence and “vampire tap” a comms cable they automatically become an “insider threat”.
I mention from time to time that engineers for various reasons design comms to be “ASCII plaintext”. This is a “legacy issue” that arose back before the 1980’s when encryption was either unavailable or inordinately expensive and unreliable and worse made diagnostics of systems in the field way too difficult. Whilst many of those problems still exist, good encryption on “links” within the system and to the system should be considered as sensible / essential these days.
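Added example, not part of the comment above or of any system it describes: a sketch of the “independent fail safe mechanism on the output of the control system”, written as a limiter that sits between a controller and an actuator. The valve, the percentage limits, the flow sensor and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class OutputGuard:
    """Independent limiter between a controller's output and the actuator.
    All limits are constructed values for illustration."""
    min_pct: float = 0.0        # lowest valve opening the plant tolerates
    max_pct: float = 40.0       # highest opening that is safe unattended
    max_step_pct: float = 5.0   # largest change allowed per control cycle
    safe_pct: float = 10.0      # position driven to once the guard trips
    stale_after_s: float = 2.0  # command age that counts as controller loss
    last_out: float = 10.0
    tripped: bool = False

    def apply(self, cmd_pct, cmd_age_s, flow_ok):
        """Return the valve position actually sent to the actuator."""
        # Trip conditions use inputs the controller cannot alter: the
        # command age (watchdog) and an independently wired flow sensor.
        if cmd_age_s > self.stale_after_s or not flow_ok:
            self.tripped = True
        if self.tripped:
            target = self.safe_pct  # latched: commands ignored until reset
        else:
            target = min(max(cmd_pct, self.min_pct), self.max_pct)
        # The rate limit applies in both states, so the move to safe is gradual.
        delta = target - self.last_out
        step = max(-self.max_step_pct, min(self.max_step_pct, delta))
        self.last_out += step
        return self.last_out

    def manual_reset(self):
        """Stands for a local, physical reset; not reachable over the network."""
        self.tripped = False


def replay(guard, commands):
    """Feed (commanded %, command age s, flow sensor OK) tuples to the guard."""
    return [guard.apply(*c) for c in commands]

# Constructed sequence: a normal command, then a compromised controller
# demanding 100 %, then the independent flow sensor reporting a fault.
SAMPLE = [(12, 0.1, True), (100, 0.1, True), (100, 0.1, True),
          (100, 0.1, False), (100, 0.1, True), (100, 0.1, True)]

if __name__ == "__main__":
    print(replay(OutputGuard(), SAMPLE))
```

The guard never needs to know how the controller was subverted: whatever is commanded, the output stays inside the range and rate limits, and a trip holds the safe position until someone resets it locally.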
Original Post URL: https://www.schneier.com/blog/archives/2025/08/friday-squid-blogging-squid-shaped-ufo-spotted-over-texas.html
Category & Tags: Uncategorized, squid