sponsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.

Thirty years ago, a debate raged over whether vulnerability disclosure was good for computer security. On one side, full disclosure advocates argued that software bugs weren't getting fixed and wouldn't get fixed if companies that made insecure software wasn't called out publicly. On the other side, companies argued that full disclosure led to exploitation of unpatched vulnerabilities, especially if they were hard to fix. After blog posts, public debates, and countless mailing list flame wars, there emerged a compromise solution: coordinated vulnerability disclosure, where vulnerabilities were disclosed after a period of confidentiality where vendors can attempt to fix things. Although full disclosure fell out of fashion, disclosure won and security through obscurity lost. We've lived happily ever after since.

Or have we? The move towards paid bug bounties and the rise of platforms that manage bug bounty programs for security teams has changed the reality of disclosure significantly. In certain cases, these programs require agreement to contractual restrictions. Under the status quo, that means that software companies sometimes funnel vulnerabilities into bug bounty management platforms and then condition submission on confidentiality agreements that can prohibit researchers from ever sharing their findings.

In this talk, I'll explain how confidentiality requirements for managed bug bounty programs restrict the ability of those who attempt to report vulnerabilities to share their findings publicly, compromising the bargain at the center of the CVD process. I'll discuss what contract law can tell us about how and when these restrictions are enforceable, and more importantly, when they aren't, providing advice to hackers around how to understand their legal rights when submitting. Finally, I'll call upon platforms and companies to adapt their practices to be more in line with the original bargain of coordinated vulnerability disclosure, including by banning agreements that require non-disclosure.

And this is me from 2007, talking about "responsible disclosure":

This was a good idea -- and these days it's normal procedure -- but one that was possible only because full disclosure was the norm. And it remains a good idea only as long as full disclosure is the threat.

** *** ***** ******* *********** *************

Scam USPS and E-Z Pass Texts and Websites

[2025.11.20] Google has filed a complaint in court that details the scam:

In a complaint filed Wednesday, the tech giant accused "a cybercriminal group in China" of selling "phishing for dummies" kits. The kits help unsavvy fraudsters easily "execute a large-scale phishing campaign," tricking hordes of unsuspecting people into "disclosing sensitive information like passwords, credit card numbers, or banking information, often by impersonating well-known brands, government agencies, or even people the victim knows."

These branded "Lighthouse" kits offer two versions of software, depending on whether bad actors want to launch SMS and e-commerce scams. "Members may subscribe to weekly, monthly, seasonal, annual, or permanent licenses," Google alleged. Kits include "hundreds of templates for fake websites, domain set-up tools for those fake websites, and other features designed to dupe victims into believing they are entering sensitive information on a legitimate website."

Google's filing said the scams often begin with a text claiming that a toll fee is overdue or a small fee must be paid to redeliver a package. Other times they appear as ads -- sometimes even Google ads, until Google detected and suspended accounts -- luring victims by mimicking popular brands. Anyone who clicks will be redirected to a website to input sensitive information; the sites often claim to accept payments from trusted wallets like Google Pay.

** *** ***** ******* *********** *************

AI as Cyberattacker

[2025.11.21] From Anthropic:

In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI's "agentic" capabilities to an unprecedented degree -- using AI not just as an advisor, but to execute the cyberattacks themselves.

The threat actor -- whom we assess with high confidence was a Chinese state-sponsored group -- manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.

[...]

The attack relied on several features of AI models that did not exist, or were in much more nascent form, just a year ago:

Intelligence. Models' general levels of capability have increased to the point that they can follow complex instructions and understand context in ways that make very sophisticated tasks possible. Not only that, but several of their well-developed specific skills -- in particular, software coding -- lend themselves to being used in cyberattacks.
Agency. Models can act as agents -- that is, they can run in loops where they take autonomous actions, chain together tasks, and make decisions with only minimal, occasional human input.
Tools. Models have access to a wide array of software tools (often via the open standard Model Context Protocol). They can now search the web, retrieve data, and perform many other actions that were previously the sole domain of human operators. In the case of cyberattacks, the tools might include password crackers, network scanners, and other security-related software.
** *** ***** ******* *********** *************

More on Rewiring Democracy

[2025.11.21] It's been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good.

Some of the book's forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41.

We need more reviews -- six on Amazon is not enough, and no one has yet posted a viral TikTok review. One review was published in Nature and another on the RSA Conference website, but more would be better. If you've read the book, please leave a review somewhere.

My coauthor and I have been doing all sorts of book events, both online and in person. This book event, with Danielle Allen at the Harvard Kennedy School Ash Center, is particularly good. We also have been doing a ton of podcasts, both separately and together. They're all on the book's homepage.

There are two live book events in December. If you're in Boston, come see us at the MIT Museum on 12/1. If you're in Toronto, you can see me at the Munk School at the University of Toronto on 12/2.

I'm also doing a live AMA on the book on the RSA Conference website on 12/16. Register here.

** *** ***** ******* *********** *************

IACR Nullifies Election Because of Lost Decryption Key

[2025--- FMail-lnx 2.3.1.0
* Origin: TCOB1 A Mail Only System (21:1/229)