AT2k Design BBS Message Area
Networked Database: Computer Support/Help/Discussion [1392 / 2005]

From:    TCOB1 Security Posts
To:      All
Subject: CRYPTO-GRAM, December 15, 2025 Part3
Date:    December 15, 2025 12:31 PM

sponsible disclosure movement of the early 2000s was supposed to prevent. This
is the talk.

Thirty years ago, a debate raged over whether vulnerability disclosure was good
for computer security. On one side, full disclosure advocates argued that
software bugs weren't getting fixed and wouldn't get fixed if companies that
made insecure software weren't called out publicly. On the other side, companies
argued that full disclosure led to exploitation of unpatched vulnerabilities,
especially if they were hard to fix. After blog posts, public debates, and
countless mailing list flame wars, there emerged a compromise solution:
coordinated vulnerability disclosure, where vulnerabilities were disclosed after
a period of confidentiality during which vendors could attempt to fix things.
Although full disclosure fell out of fashion, disclosure won and security through
obscurity lost. We've lived happily ever after since.

Or have we? The move towards paid bug bounties and the rise of platforms that
manage bug bounty programs for security teams has changed the reality of
disclosure significantly. In certain cases, these programs require agreement to
contractual restrictions. Under the status quo, that means that software
companies sometimes funnel vulnerabilities into bug bounty management platforms
and then condition submission on confidentiality agreements that can prohibit
researchers from ever sharing their findings.

In this talk, I'll explain how confidentiality requirements for managed bug
bounty programs restrict the ability of those who attempt to report
vulnerabilities to share their findings publicly, compromising the bargain at
the center of the CVD process. I'll discuss what contract law can tell us about
how and when these restrictions are enforceable, and more importantly, when they
aren't, providing advice to hackers around how to understand their legal rights
when submitting. Finally, I'll call upon platforms and companies to adapt their
practices to be more in line with the original bargain of coordinated
vulnerability disclosure, including by banning agreements that require
non-disclosure.

And this is me from 2007, talking about "responsible disclosure":

This was a good idea -- and these days it's normal procedure -- but one that was
possible only because full disclosure was the norm. And it remains a good idea
only as long as full disclosure is the threat.

** *** ***** ******* *********** *************

Scam USPS and E-Z Pass Texts and Websites

[2025.11.20] Google has filed a complaint in court that details the scam:

In a complaint filed Wednesday, the tech giant accused "a cybercriminal group in
China" of selling "phishing for dummies" kits. The kits help unsavvy fraudsters
easily "execute a large-scale phishing campaign," tricking hordes of
unsuspecting people into "disclosing sensitive information like passwords,
credit card numbers, or banking information, often by impersonating well-known
brands, government agencies, or even people the victim knows."

These branded "Lighthouse" kits offer two versions of software, depending on
whether bad actors want to launch SMS and e-commerce scams. "Members may
subscribe to weekly, monthly, seasonal, annual, or permanent licenses," Google
alleged. Kits include "hundreds of templates for fake websites, domain set-up
tools for those fake websites, and other features designed to dupe victims into
believing they are entering sensitive information on a legitimate website."

Google's filing said the scams often begin with a text claiming that a toll fee
is overdue or a small fee must be paid to redeliver a package. Other times they
appear as ads -- sometimes even Google ads, until Google detected and suspended
accounts -- luring victims by mimicking popular brands. Anyone who clicks will
be redirected to a website to input sensitive information; the sites often claim
to accept payments from trusted wallets like Google Pay.

** *** ***** ******* *********** *************

AI as Cyberattacker

[2025.11.21] From Anthropic:

In mid-September 2025, we detected suspicious activity that later investigation
determined to be a highly sophisticated espionage campaign. The attackers used
AI's "agentic" capabilities to an unprecedented degree -- using AI not just as
an advisor, but to execute the cyberattacks themselves.

The threat actor -- whom we assess with high confidence was a Chinese
state-sponsored group -- manipulated our Claude Code tool into attempting
infiltration into roughly thirty global targets and succeeded in a small number
of cases. The operation targeted large tech companies, financial institutions,
chemical manufacturing companies, and government agencies. We believe this is
the first documented case of a large-scale cyberattack executed without
substantial human intervention.

[...]

The attack relied on several features of AI models that did not exist, or were
in much more nascent form, just a year ago:

Intelligence. Models' general levels of capability have increased to the point
that they can follow complex instructions and understand context in ways that
make very sophisticated tasks possible. Not only that, but several of their
well-developed specific skills -- in particular, software coding -- lend
themselves to being used in cyberattacks.

Agency. Models can act as agents -- that is, they can run in loops where they
take autonomous actions, chain together tasks, and make decisions with only
minimal, occasional human input.

Tools. Models have access to a wide array of software tools (often via the open
standard Model Context Protocol). They can now search the web, retrieve data,
and perform many other actions that were previously the sole domain of human
operators. In the case of cyberattacks, the tools might include password
crackers, network scanners, and other security-related software.

** *** ***** ******* *********** *************

More on Rewiring Democracy

[2025.11.21] It's been a month since Rewiring Democracy: How AI Will Transform
Our Politics, Government, and Citizenship was published. From what we know,
sales are good.

Some of the book's forty-three chapters are available online: chapters 2, 12,
28, 34, 38, and 41.

We need more reviews -- six on Amazon is not enough, and no one has yet posted a
viral TikTok review. One review was published in Nature and another on the RSA
Conference website, but more would be better. If you've read the book, please
leave a review somewhere.

My coauthor and I have been doing all sorts of book events, both online and in
person. This book event, with Danielle Allen at the Harvard Kennedy School Ash
Center, is particularly good. We also have been doing a ton of podcasts, both
separately and together. They're all on the book's homepage.

There are two live book events in December. If you're in Boston, come see us at
the MIT Museum on 12/1. If you're in Toronto, you can see me at the Munk School
at the University of Toronto on 12/2.

I'm also doing a live AMA on the book on the RSA Conference website on 12/16.
Register here.

** *** ***** ******* *********** *************

IACR Nullifies Election Because of Lost Decryption Key

[2025

--- FMail-lnx 2.3.1.0
 * Origin: TCOB1 A Mail Only System (618:500/1)