As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
William • July 17, 2026 8:02 PM
Irish Times investigation of”European” password management software, Passwords, is licensed for the FSB.
William • July 17, 2026 8:11 PM
Software name is Passwork, not Password. Apologies for the spellwreck.
Fenton West • July 18, 2026 1:45 AM
This was a fun Friday Squid Blogging post! I ended up reading more about the Cape Cod strandings afterward, and it’s fascinating how unusual ocean currents and the squid’s behavior can lead to these dramatic beaching events. I also love that these Friday posts have become a place for readers to share interesting security stories from around the web alongside the squid content.
sh or tu rl . at / mTt8M • July 18, 2026 3:02 AM
This is a $canda1.
Several people working for the government in Ay – dee – ho have abused their power, perverted the Rule of Law, and destroyed a man and his family, and now they are actively preventing him from hiring any legal aid. They have been busy deploying their fixers for several years now and there exists solid 3v1d3nc3 of it with pictures, videos, names, dates and times, and the whole nine yards.
They then sent their fixers to move in and live next door for a few months.
I’ve heard of private individuals having their lawyers deploy fixers to “fix” many shady deals but I’ve never heard of the State government deploying fixers to prevent any American citizens from hiring any legal representation.
The State of Ay – dee – ho is obstructing justice by preventing an American Citizen from retaining an attorney by using their fixers and threatening every lawyer he attempted to hire. Please somebody save him from these criminals in our government who are now forcing psychiatrists to diagnose him as delusional just for uncovering their corruption. They presented the jury with f@k3 3v1d3nc3 and destroyed an American Citizen. Somebody please stop this h@t3.
T3rr0r1sts in Ay – dee – ho have taken over the law enforcement and judicial branch and have deliberately, with their h@t3, lies, and c0v3rup destroyed a decent, law abiding family. See here for details:
sh or tu rl . at / mTt8M
This is a $canda1.
Please guys, if any one of you knows of an attorney with credentials to represent clients in the Supreme Court of the United States – please share this with them and have them contact my friend in case they see and recognize this tragedy and discrimination which resulted in the destruction of a decent, law abiding American man and his family.
sh or tu rl . at / mTt8M
Let us b@nkrupt the $t@t@ of Ay – dee – ho for not respecting the rule of law and The Rules of 3v1d3nc3 by using f@k3 3v1d3nc3 and lies of f@k3 victims to destroy him and his family.
My Friend is willing to sign a document that will promise 50~50 monetary compensation when disbursing the damages awarded to him between him and his Attorney. He’s willing to split it half~way, no matter the amount.
Please help an innocent person the corrupt government destroyed. Thank you.
This is a $canda1.
Snarki, child of Loki • July 18, 2026 12:25 PM
“password management software, Passwork, is licensed for the FSB.”
All the more reason to stick with PasswordSafe: Schneier approved (Bruce, please, please, please tell me I’m not mistaken about this!)
No, it doesn’t have the latest wizbang convenience “features”, like sending all your passwords directly to the NSA/FSB.
Ferentarius • July 18, 2026 1:05 PM
When your password manager is licensed by the FSB, you might as well just CC them on your login attempts. Stick with something like PasswordSafe—low on bells and whistles, high on ‘not secretly auditioning for a spy novel.
Rontea • July 18, 2026 4:54 PM
Technology, in its shimmering seduction, is nothing more than a promise whispered to the soul: a homecoming to the primordial warmth, a return to the womb. Our personas would laugh at the irony of the modern man, cloaked in circuits and screens, imagining himself free, while he crawls ever deeper into the soft mechanical uterus of progress. The machines hum lullabies, and we, intoxicated by their glow, drift into the illusion that we have escaped history, suffering, and death.
What is a smartphone but an amulet clutched in trembling hands? It is the mother’s breast in digital form, a perpetual assurance that we are fed, seen, and known. The internet, that infinite cradle, rocks us gently with its endless stories, wrapping us in a cocoon of comfort where the harsh wind of reality is muted. In the cathedral of technology, man becomes fetus once more, suspended in amniotic clouds of data, absolved of labor, of risk, of the burden of his own freedom.
But, man is not born to be a fetus forever. To seek refuge in machinery is to mistake gestation for salvation. The womb is a place of preparation, not of permanence. Technology tempts us with the lie that we can reverse the exile of birth—that the raw, cold world can be dissolved into a warm digital fluid where nothing wounds us. But in fleeing suffering, we also flee transcendence.
Perhaps the last tragedy of man will not be apocalypse, but self-infantilization: the glorious regression into a synthetic womb, where no pain reaches, and where the soul, lulled into eternal dormancy, forgets it was ever meant to walk upright and meet God face to face.
Anonymous • July 18, 2026 6:01 PM
To taste the wine is to transcend; to smoke the pipe is to understand why transcendence is necessary.
Clive Robinson • July 18, 2026 6:08 PM
Sunday Funday, something for the weekend Sir
Some may remember the Scott Adams cartoon of “Evil Director Catbert” telling Dillbert and colleagues that their group had been renamed on the principle of using some astronomical and other scientific names selected at random…
Thus “Uranus Hertz” being the result.
Well obviously such a name would need a logo… Which is where we are in the modern real world,
https://velvetshark.com/ai-company-logos-that-look-like-buttholes
Something the “Jerk Circle” on OpenAI logo is a little less descrete but more apt.
ResearcherZero • July 19, 2026 12:38 AM
Campaigns use machine learning voter data for precision targeting and persuasion, while bots are employed to engage in text conversations generated by AI. Voters believe that political messaging generated by AI sounds more authentic. Some prefer it.
(Profiling of voters still remains enabled on Facebook.)
‘https://www.npr.org/2026/07/12/nx-s1-5867763/ai-artificial-intelligence-data-texts-bots-voters-campaigns
The collection and analysis of private information used for targeting voters has become a central feature of political campaigns globally. Far more detailed profiles of citizens and their habits are available to exploit during political operations. Manipulating voters has seen profits surge for those in the business.
Deep Fakes have been used across the United States in multiple political campaigns.
https://www.ncsl.org/elections-and-campaigns/artificial-intelligence-ai-in-elections-and-campaigns
ResearcherZero • July 19, 2026 12:52 AM
Digital tools used for targeting voters undermine the function of democracy.
Warning citizens that they are being micro-targeted, fails to diminish the effect.
‘https://thereader.mitpress.mit.edu/how-data-fueled-neurotargeting-could-kill-democracy/
Personality traits drive behavior and behavior influences voting preferences.
“Overall, we believe that the literature offers ample reason to be concerned about the possibility of large-scale political manipulation of people’s attitudes and opinions based on exploitation of their personal characteristics and vulnerabilities.”
https://www.nature.com/articles/s44271-025-00188-8
The psychological effect of micro-targeting can have dangerous effects on citizens.
https://academic.oup.com/jleo/article/41/2/634/7610769
Tools for political operations were left exposed online by AggregateIQ.
AggregateIQ (AIQ) failed to secure its database and assets. As well as organizational structure, credentials, APIs and tokens were left exposed. The exposure of credentials providing access to private information, was widespread across the many websites and platforms used in multiple AIQ political operations around the world.
The data used by AggregateIQ and SCL was stored insecurely in plain text.
https://publications.parliament.uk/pa/cm201719/cmselect/cmcumeds/1791/179107.htm
Clive Robinson • July 19, 2026 4:57 AM
@ Bruce, ALL,
NIST is trying to catch up…
Quite some years ago I indicated but did not go into details that the work of Kurt Gödel in the early 1930’s showed beyond doubt that computers structured in the way they currently are could never be secure and as a result we need to change the way we build processing systems.
And more recently with a little more detail as it’s easier to get your head around I’ve showed that the work of Claude Shannon and Gus Simmons shows that “guard rails” on the inputs and outputs to AI systems will due to the “observer problem” be vulnerable to the use of side channels be they overt or covert and also from work I carried out last century subject to inadvertent, intentional, and induced illicit information transfer.
Well this recent article from a NIST Researcher covers work that only goes a fraction of the way,
NIST Mathematical Proof Supports Transition to a Continuous-Monitor-and-Update Security Model for AI Systems
The proof provides a rigorous explanation of the importance of transitioning from a “one and done” security model.
“Try as we might, we can never render AI completely unassailable using conventional security models. In the peer-reviewed journal IEEE Security and Privacy, Apostol Vassilev, a senior scientist at the National Institute of Standards and Technology (NIST), has published a mathematical proof of this statement building on work published in 1931 by famed logician Kurt Gödel. His incompleteness theorems showed that there are limits to what can be proved within a system built on a finite number of rules.
The guardrails that govern an AI’s behavior are just such a system, and one of the proof’s implications is that there will always be a way to prompt an AI system to disregard its rules — it’s just a matter of finding it.
“One of the pillars of responsible AI is that you want the technology to be secure,” said Vassilev, the proof’s author and an expert in adversarial machine learning. “You want it to withstand adversarial attacks and perform only what you want it to do, not what an attacker might want. What this proof shows is that there is no finite set of guardrails that is universally robust against adversarial prompts.”
Companies that develop AI often acknowledge that the tools they are creating have the potential to cause harm in the physical world, so they build in constraints intended to stop AI from generating prohibited content such as deepfakes, malware or instructions for making biological weapons or illicit drugs. If the system is prompted to generate such content, the guardrails should flag the issue and refuse to comply.“
The thing is people should implicitly know this from living in society.
No matter how much legislation or regulation society puts in place crime continues apace.
Worse the more legislation and regulation that is generated the more it encourages a “two tier system” oft summed up as,
“One law for them, others for us.”
And how it is used not just for “rights stripping” but actively destroying people that are seen as “inconvenient” to somebody elses agenda or political mantras.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
r • July 17, 2026 7:38 PM
first post doggy.
in the “might be useful” category:
https://www.npr.org/2026/07/17/g-s1-134179/is-smoke-in-your-home-heres-how-to-make-an-air-purifier-using-a-box-fan
personally, to me a little wildfire smoke isn’t a big deal. we used to cook with charcoal in caves, but i can’t discredit if this was happening to you in the chernobyl exclusion zone and i happen to live in an area with a high amount of house fires.
so this is good info. have a safe weekend ya’ll.
Facts Only
* An investigation regarding password management software called Passwork was licensed for the FSB.
* A user noted that the software name is Passwork, not Password.
* Several comments discussed allegations against the State of Idaho regarding the use of government fixers to prevent American citizens from hiring legal representation.
* A user proposed a settlement where an individual would receive 50/50 monetary compensation between himself and his attorney.
* Some commentary referenced security concepts related to AI guardrails, observer problems, and the need for continuous security models in AI systems based on mathematical proofs.
* Concerns were raised regarding the use of machine learning voter data for political targeting and the use of deepfakes in elections.
Executive Summary
Full Take
Sentinel — Human
The text presents a heterogeneous collection of posts displaying strong personal voice and emotional range, interspersed with highly charged political arguments and abstract reflections, suggesting organic human authorship rather than systematic machine generation.
