I often receive PDF files that require a signature. These include real estate, banking, legal, or business documents. ("Here's the NDA. Sign it and return it.") These may sound like straightforward requests, but there isn't "one way" to sign a PDF. The different signing approaches include: Picture of a Document: Print it, sign it with ink, and scan it in. The final document is a picture of a signed document. Picture of a Signature: Use a drawing tool ("pen" or "paintbrush") to draw your signature as an image element in the PDF document. Cryptographic Signature: Use a cryptographic digital s ..read more

Less than two months ago (Jan 13, 2025), the State of Arizona announced a pilot program using C2PA to authenticate pictures released by the Arizona Secretary of State. I can only assume that nobody associated with the Arizona state government did their due diligence, because every single example that they released demonstrates how C2PA does not work. Surface Evaluation Their pilot program includes a web page that shows sample pictures that are signed using C2PA. (https://acm.azsos.gov/) Each web page shows a set of pictures, each with the little "Cr" icon. (Warning: if you jump to the next ..read more

Today, FotoForensics turns 13 years old! (It's officially a teenager!) I am still amazed at how popular the site has become. The Majestic Million currently places it at around 67,000 of the top 1 million web destinations. (That's more popular than most porn sites.) It has currently received over 7.6 million unique pictures, with a typical month having 300,000 - 500,000 distinct visitors (excluding web bots). The free public FotoForensics service only supports pictures, while the commercial version supports audio, video, and other media formats. However, there's one more format that people oft ..read more

ShmooCon is a conference that I've always wanted to attend because it features really cutting edge topics on computer security. Unfortunately, I've never been able to attend. Why couldn't I make it? Tickets typically sell out within minutes. If you're not on the web site when they become available, you'll miss out. I'm just not that fast at clicking 'reload'. It's held in Washington, D.C. Unless I have a business reason to go there (which covers my travel expenses), I can't afford the cost. Most conferences, including ShmooCon, give speakers free admission. Submitting a talk was definitely ..read more

I'm still looking for ways to save money and make the office more energy efficient. This time last year, we had a serious "arctic blast" deep freeze, with highs in the single digits and going negative at night. The furnace was running often and I still needed a heavy sweater in the office. A year later and we're having a very similar arctic blast (same temperatures, same duration), but I'm not wearing a heavy sweater in the office, and the furnace is running less often. The Box Version 1 Last year, I wrote about one of my office hacks, where I placed a box below the air intake vent. I was sur ..read more

The word "inauguration" refers to the beginning of a new period. And what better way to kick off 2025 than with a deep analysis of a viral picture of the incoming President: (Click the picture to view it at FotoForensics.) This picture allegedly shows incoming President Trump's official portrait. In fact, Trump's official web site displays this picture under the heading "Official Portraits Released — And They Go Hard ????". (https://www.donaldjtrump.com/news/07024bed-769c-482f-a243-5c5ee1682e9e; no hyperlink since it's my policy to not link to sites that are affiliated with scams or that p ..read more

I have this long-held belief that donuts are a perfect food. It's not just the variety of flavors, textures, or even that biological craving for sugars and fats along with the Maillard reaction that causes the sugars and proteins to combine into the perfect golden crispy-on-the-outside, soft-on-the-inside combination. No, it's also that donuts are the perfect analogy for computer security and forensics. If you're going to have the calories, make sure it tastes good The obvious analogy to computer security is the donut hole. If the donut is your app, then the hole represents the security pro ..read more

As with most people who work in a computer field, I have PTSD: Parent Tech Support Duties. If it's not parents, then it's partners (coworkers), pals (friends), progeny (children), or peers (people in a related field). These are not techies asking technical questions. No, these are non-techies asking what should be basic questions. See attached problem The number one question I get? "How do I attach a file to my email?" It sounds like a simple problem and something that can be learned quickly. However, different mail programs use different menu options and different icons. Some programs show a ..read more

Every year I try to come up with a focus or special project to work on, and my blog topics often reflect it. This year, I had a great idea about "optimizing" things around the office. This turned into writings like: Office hacks: These are some of the little things I've done around the office, that some of my coworkers thought were good ideas. Like putting a box below the air intake to stop outside air from flooding the room with cold air. (I have since replaced the cardboard box with an empty plastic bucket that works much better.) Cleaning up old processes: I had some long-running research ..read more

This year has seen a huge increase in AI generated content. Pictures, text generation, audio, and even real-time video have ventured closer to being the norm rather than the exception. I'm sure everyone is familiar with the biggest problems: AI-generated fiction is being represented as real. AI-generated books are flooding online sellers with junk novels. Artists are having their works consumed by AI without permission to generate knock-offs, effectively killing their businesses. Scammers are using AI to make more believable cover stories. People are using AI to perform research and analysis ..read more