At the end of last year (13-Dec-2023, following my blog entry on "C2PA's Butterfly Effect"), I was asked to be in a call with the Coalition for Content Provenance and Authenticity (C2PA) and their supporting organization, the Content Authenticity Initiative (CAI). Leadership, management, and developers from C2PA and CAI were present. 100% of the C2PA and CAI representatives came fromt Adobe, while I showed up with one of my associates, Shawn. Shawn and I detailed the problems with C2PA's specification, discussed vulnerabilities, and went over the high-level implications from releasing a flawed ..read more

Today, April 1st, I'm proud to announce another Hacker Factor product: The Brick! Total Network Security! Are you TIRED of those pesky INTERNET WAVES sneaking into your office? Do you crave the PURE, UNADULTERATED SILENCE of a DIGITAL DEAD ZONE? Well, step right up, folks, because "Network Neal" has got the solution for you! Introducing "The Brick" -- the ultimate firewall! This ain't your momma's Wi-Fi router, folks! This bad boy is built with the same government-grade shielding used to protect Area 51 from those nosy aliens! The Brick won't just block your ads, it'll block your neighbor's ..read more

Last week, one of my mail systems died. It was the system that I used to read and send emails, not the main office mail server. According to the last logs, it went down at around 2am. No failure notices. No error messages. It was just powered off. When I came into the office, I tried to turn it on, but it never even got to the post-on-self-test (POST) stage. This is a serious hardware failure. The good news is, I was able to open the case and pull the hard drive. The entire file system was intact. I spun up a new isolated computer for reading and sending emails, copied over my old mail archiv ..read more

I'm not a close follower of the British Royal family or their related dramas. But when a single picture floods my FotoForensics service as people around the world determine whether it is real or fake, well, that gets my attention. This is a small sample of the literally thousands of variants of the image that FotoForensics received on March 10th. While these pictures are visually the same image, they differ by dimensions, compression, cropping, coloring, annotations, and more. It's not just one picture from Instagram; it's viral copies from Instagram to WhatsApp to Facebook to BlueSky and b ..read more

I hadn't planned to write about more C2PA problems so soon, but my last few blog entries on C2PA's problems has struck a chord with readers and some of their feedback is very time critical. (This time sensitivity is ironic since my last blog pointed out C2PA's problems with timestamps.) IEEE The first feedback I received mentioned a recent article (4-March-2024) at IEEE Spectrum. IEEE's David Evan Harris and Lawrence Norden reviewed Meta's proposed solution to AI-generated media. The article's title nailed the problem (their bold for emphasis): Meta's AI Watermarking Plan Is Flimsy, at Best ..read more

Throughout my review of the C2PA specification and implementation, I've been focused on how easy it is to create forgeries that appear authentic. But why worry about forgeries when C2PA can't even get ordinary uses correct? Just consider the importance of the recorded timestamps. Accurate time records can resolve questions related to ordering and precedence, like "when did this happen?" and "who had it first?" Timestamps can address copyright assignment issues and are used with investigations to identify if something could or could not have happened. At my FotoForensics service, I've seen an ..read more

Recently, the buzz around security risks has focused on AI: AI telemarketing scams, deepfake real-time video impersonations, ChatGPT phishing scams, etc. However, traditional network attacks haven't suddenly vanished. My honeypot servers have been seeing an increase in scans and attacks, particularly from China. Homemade Solutions I've built most of my honeypot servers from scratch. While there are downloadable servers, most of the github repositories haven't been updated in years. Are they no longer maintained, or just continuing to work well? Since I don't know, I don't bother with them. W ..read more

I recently attended a presentation about an online "how to program" system. Due to Chatham House Rules, I'm not going to name the organization, speaker, or programming system. What I will say: as an old programmer, I often forget how entertaining it can be to watch a new programmer try to debug code during a live demonstration. (My Gawd, the presenter needs to go into comedy. The colorful phrases -- without swearing -- were priceless.) I totally understand the frustration. And while I did see many of the bugs (often before the presenter hit 'Enter'), the purpose was to watch how this new syste ..read more

Today, my FotoForensics service turns 12 years old! It has over 6,800,000 unique pictures. That's up about 800,000 from last year. The site's popularity has increased by about 12%, from being in the top 80,000 of internet destinations last year to about 70,000 right now. (By comparison, the top five internet destinations are currently Google, Facebook, Youtube, [surprisingly] Twitter, and Instagram. None of my services are that popular, yet.) Unexpectedly Popular I actually find the site's popularity kind of surprising, considering all of the wide-area bans. For example: Banned: Tor I've bee ..read more

I like solving problems, which is probably why I spend so much time programming, digging through technical specifications, and analyzing log files. Some of my solutions are rather elegant, while others are ugly patches. However, a few of my coworkers have enjoyed some of my more physical "hacks". I'm often doing small projects that just make things nicer around the office. The Box Trick We recently had a really deep cold snap. For four days, our "high" temperature was in the single digits (around 7°F, or -14°C). On one of those days, the news reported that Denver was colder than the South Pol ..read more