THIS is how Google Maps wants to "calibrate"??
Oh HELL NO!
I'm giving you GPS and I can do the figure 8 silliness if I need to but give you access to my *camera* to take pics and send them to Google???
Are people really doing this shit?!
AMERICAN PANOPTICON
The #Trump admin is pooling #data on Americans. Experts fear what comes next.
by Ian Bogost & Charlie Warzel
If you were tasked with building a #panopticon, your design might look a lot like the #information stores of the US federal govt—a collection of large, complex agencies, each making use of enormous volumes of data provided by or collected from #citizens.
#law #privacy #InfoSec #AmericanAutocracy #tech #DOGE #Musk #surveillance
https://www.theatlantic.com/technology/archive/2025/04/american-panopticon/682616/?gift=guxsrl_dAdXUP9zqbQPWxc3WqSyzCi3gasJ-au_BC9g&utm_source=copy-link&utm_medium=social&utm_campaign=share
It still seems hard to believe, but in the last #Congress, the #House #Republican majority formally launched an #impeachment inquiry against Joe #Biden. The endeavor never made any sense, but the underlying allegation was that the Democratic president was somehow the beneficiary of a weird #bribery scheme.
#law #Constitution #EmolumentsClause #ForeignAsset #Compromised #NationalSecurity #InfoSec #Trump #crypto #grift
https://www.msnbc.com/rachel-maddow-show/maddowblog/trumps-controversial-meme-coin-contest-proves-predictably-profitable-p-rcna203293
I'm looking for a new job doing security assessments / research.
I spent the last 6 years building advanced security assessment capabilities around hardware/IoT, industrial, marine OT, and x86 platforms. Before that I spent 5 years as a pentester. I excel at weird and novel stuff with no template.
I'm in the UK and I'm looking for a remote full-time role.
CV: https://poly.nomial.co.uk/graham_sutherland.pdf
Please get in touch if you know of any available roles! :)
TOMORROW (4/8) at 6:30 PM EST, legendary @defcon speaker @RenderMan will be talking about his #internetofdongs project finding #vuln #0days & #infosec research into smart sex toys for #DESCI NYC!
RSVP Here: https://lu.ma/descinyc32
Every decade or so the recommendations on best practices change, so I'm curious about the current best practices around SSH keys stored on a device (e.g. a laptop).
If we believe that the best practice currently is to have a new private key per client device (i.e. for each laptop, desktop, or phone) that one connects to a server from, then that opens the question in my mind of what folks are doing for passphrases for these keys.
Obviously the ideal would be very strong, unique passphrases per device, but then if one has 4+ devices, this can get fairly challenging to remember.
Do you use passphrases on per-device keys?
Do you re-use the passphrase across keys?
Do you forgo traditional ssh keys stored on the computer in favor of Yubikeys?
Do you have tools to help you manage which keys are on which hosts so you can retire or revoke them as necessary?
#Whistleblower details how #DOGE may have taken sensitive #NLRB data
In the first days of March, a team of advisers from #Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, DC, headquarters of the National Labor Relations Board.
The small, independent federal agency investigates & adjudicates complaints about unfair #labor practices.
#law #InfoSec #privacy #NationalSecurity #Musk
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
Senior #State Department official sought internal communications with #journalists, #European officials, & Trump #critics
#Trump appointee Darren Beattie requested records regarding a large list of high-profile names, organizations, & #RightWing buzzwords for a “#TwitterFiles” style document dump about alleged conservative censorship.
#law #FirstAmendment #FreeSpeech #FreePress #privacy #InfoSec #democracy #RevengePolitics
https://www.technologyreview.com/2025/05/01/1115988/senior-state-department-official-sought-internal-communications-with-journalists-european-officials-and-trump-critics/
This is fucking dystopian and we should all be fucking horrified that this shit is happening.
I've become kind of inured recently to horrifying, dystopian shit, and this still shocks me.
We aren't "at risk" of living in a police state. We _are_ living in a police state.
That's been true for BIPOC forever, and now it's catching up with the rest of us because we let it happen to them.
h/t @josephcox
#infosec #privacy #policeState
https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/
A centralized intelligence database on all Americans is not inherently legal.
It likely breaks the Privacy Act of 1974, the Foreign Intelligence Surveillance Act (FISA), the 1st, 4th and 5th Amendments.
This must be stopped. Contact your Senators and Representative and ask them to stop it. I use @5calls to call mine.
https://newrepublic.com/post/195904/trump-palantir-data-americans
The Russians aren't coming, they are already here. Without most anyone realizing, they've created an entire malicious adtech industry whose story is just as complex as the Chinese organized crime we're now realizing from their ventures into pig butchering.
VexTrio is just one Russian organized crime group in the malicious adtech world, but they are a critical one. They have a very "special" relationship with website hackers that defies logic. I'd put my money on a contractual one. All your bases belong to Russian adtech hackers.
Today we've released the first piece of research that may eventually prove whether I am right. This paper is hard. I've been told. I know. We've condensed thousands of hours of research into about 30 pages. @briankrebs tried to make the main points a lot more consumable -- and wrote a fabulous complementary article: read both!
There's so much more to say... but at the same time, between ourselves and Brian, we've released a lot of lead material... and there's more to come. I've emphasized the Russian (technically Eastern European) crime here, but as Brian's article points out there is a whole Italian side too. And more.
We've given SURBL, Spamhaus, Cloudflare, Domain Tools, several registrars, and many security companies over 100k domains. They are also posted on our open github.
Super thanks to our collaborators at Qurium, GoDaddy Sucuri Security, and elsewhere.
#threatintel #scam #tds #vextrio #cybercrime #cybersecurity #infosec #dns #infoblox #InfobloxThreatIntel #malware #phishing #spam
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/
My previous intro post was a few years old, so behold, new intro post:
Mike. Live in the Seattle area having grown up in the UK as a full blown British. Have a wife (incredible), child (boy), and three dogs (golden retriever/cream retriever/fuck knows).
I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EVs and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.
I also have a company of my own, Secure Being (https://securebeing.com), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.
I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world #infosec things. Check out https://infosecdiaries.com and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.
I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.
I am a big aviation nerd. I always wanted to be a commercial pilot. I gained my private pilot's license in the UK at 17, all self funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. https://acarsdrama.com has all the details.
I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, https://operationanxiety.com - the music is on all the normal places.
Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.
So there you have it. If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.
#infosec #dfir #pentesting #acars #vdlm2 #sdr #rf #f1 #seattle #introduction
Apparently there exists a system for deep dredging of public Internet data about specific people, called #Hermes, and it was bought by the Polish national prosecutor's office in 2021.
Seems like it was sold by the #NSOGroup, but they were only a reseller for another, unnamed Israeli company.
There's been quite the brouhaha about it in Polish media, but it's kinda difficult to find any mentions of it anywhere outside Poland.
Weird.
Does anyone have any info on this?
Spyware from US-backed Israeli firm Paragon was used to target European journalists, raising concerns about abuse in democracies. Citizen Lab's analysis ties infections to Italy, as questions mount over state surveillance.
https://apnews.com/article/spyware-italy-paragon-meloni-pegasus-f36dd32106f44398ee24001317ccf2bb
Ummmm…
Not okay.
The #USArmy has announced that it is swearing in 4 #tech execs from #Palantir, #Meta, #OpenAI, & #ThinkingMachinesLab — as #ArmyReserve lieutenant colonels.
if y'all just used the same 2 passwords for all your accounts, we wouldn't be in a situation of 16B passwords leaked 🙄
https://9to5mac.com/2025/06/19/a-staggering-16-billion-logins-exposed-in-epic-data-breach-including-apple-accounts/
#infoSec
🚀🤘Introducing Psylo: A New Kind of Private Browser
After 9 months of development, we're super excited to finally launch Psylo, a new kind of private web browser for iOS and iPadOS.
In Psylo, each tab is its own “silo” with isolated storage, cookies, and even its own IP address. Psylo introduces advanced anti-tracking and anti-fingerprinting features that go beyond what a VPN can offer.
Full announcement: https://mysk.blog/2025/06/17/introducing-psylo/
Great, informative writeup of Cryptographic Gotchas: https://gotchas.salusa.dev/
Lots of fantastic references and links in there, too.
[...] actions are planned to foster a culture of privacy and information security, both for citizens and for the Public Administration.