cryptonews

The population needs better conservation.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI.

It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world.

The IoT is horribly insecure, but we already knew that.

Surprising no one, Meta’s new AI glasses are a privacy disaster.

I’m not sure what can be done here. This is a technology that will exist, whether we like it or not.

Meanwhile, there is a new Android app that detects when there are smart glasses nearby.

An expensive mistake:

Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet.

The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth 8.1 billion won (currently approximately $5.6 million).

When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management.

However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device.

The authorities failed to redact that info, allowing anyone to transfer into their account the assets in the cold wallet.

Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.

I’m skeptical about—and not qualified to review—this new result in factorization with a quantum computer, but if it’s true it’s a theoretical improvement in the speed of factoring large numbers with a quantum computer.

This is a current list of where and when I am scheduled to speak:

• I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026.
• I’m speaking at RSAC 2026 in San Francisco, California, USA, on Wednesday, March 25, 2026.
• I’m part of an event on “Canada and AI Sovereignty,” hosted by the University of Toronto’s Munk School of Global Affairs & Public Policy, which will be held online via Zoom at 4:00 PM ET on Monday, March 30, 2026.
• I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026.
• I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026.
• I’m speaking at the Nemertes [Next] Virtual Conference Spring 2026, a virtual event, on April 29, 2026.
• I’m speaking at RightsCon 2026 in Lusaka, Zambia, on May 6 and 7, 2026.

The list is maintained on this page.