godforsaken.website is one of the many independent Mastodon servers you can use to participate in the fediverse.
godforsaken.website is a uk-based mastodon instance boasting literally thousands of posts about bumholes and UNESCO world heritage sites

Server stats:

31
active users

#opsec

2 posts2 participants0 posts today

New blog post, this one is about an odd trend I spotted a couple of years ago, which involves slow port scans potentially using botnets:

markloveless.net/blog/2025/5/2

What makes this interesting is it is not the first time I've blogged about this use of slow botnet usage, it is also used to guess passwords, as I talked about last month:

markloveless.net/blog/2025/4/2

Mark LovelessTracking Advanced Port Scanning — Mark LovelessI’ve noticed ports scans. A lot of them. However these are different, these are all scans from a seemingly distributed scanning network spread out over multiple IP addresses.

Question for better hackers/security people than me (pretty much everyone, that is)
If a random guy tells you to use their hotspot, what kind of info are you likely to lose?
Of course, no banking, no buying, etc. But watching YouTube? Safe or not?
My youngest just accepted a stranger's hotspot while travelling halfway around the globe. Sigh. I have failed as a mom.

Folks who organize in #Signal GCs, I beg of you: please consider *not* changing your screen name every few days. I know you think of this as an #opsec measure, but it makes actual opsec impossible: after a few rounds of this, especially in large chats, I have no idea who’s in the room, and I bet you don’t either. You could be sharing plans for a gathering with Pete Hegseth, for all you know! I get the need to protect yourself…but this ain’t it.

A month or so ago, my brother and I convinced our parents to switch our family chat to @signalapp. We’d been hesitant to introduce new tech to a couple people in their 80’s.

Then this happened yesterday. Who says you can’t teach an old dog new tricks?

Replied in thread

Update: TeleMessage’s message store has been exfiltrated. A hacker claimed it took them less than 30 minutes to access it. The archived messages were stored—apparently in plaintext?—in an AWS container, which they accessed.

What’s more, the data contains usernames AND PASSWORDS. Did they really store plaintext passwords?

Absolutely incredible. Mike Waltz and all the clowns that use this product for classified messaging need to be arrested and charged.

#kakistocracy #MikeWaltz #opsec

404media.co/the-signal-clone-t

404 Media · The Signal Clone the Trump Admin Uses Was HackedTeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.

User “mdh2” on Bluesky claims that Mike Waltz wasn’t caught using Signal on his phone, but something far worse: “TM SGNL”, an app made by an Israeli company called “CyberInt”. mdh2 claims that messages on that chat platform are backed up on 3rd party servers.

This appears correct. The screenshot from Mike Waltz’s phone shows the “TM SGNL” product name.

bsky post (login required): hxxps://bsky.app/profile/mdh2.bsky.social/post/3lo57bdld2c2q

🚨 Tor Browser opsec discovery: The security level slider cannot be relied upon without a full browser restart: privacyguides.org/articles/202

If you frequently switch between security levels in Tor Browser (or Mullvad Browser!), make sure you are fully restarting the browser every time, otherwise you could still unexpectedly have dangerous JS features enabled!

This requirement is not publicly documented anywhere. Hopefully @torproject will add a prompt to restart after modifying this setting in a future Tor Browser release.

www.privacyguides.org · A Flaw With the Security Level Slider in Tor Browser
More from Jonah Aragon

Pretty good breakdown of OpenAI o3's (quite good) performance at guessing locations based on photos, by way of the "GeoGuessr" game (metadata stripped). It scored better than a very highly ranked human.

A tendency of some AI critiques is to treat _all_ such evidence as "smoke and mirrors". That is unhelpful; it occludes awareness of capabilities that are actually improving (and can present real #opsec and surveillance risks in this case).

sampatt.com/blog/2025-04-28-ca

sampatt.como3 Beats a Master-Level Geoguessr Player—Even with Fake EXIF DataIn Which I Try to Maintain Human Supremacy for a Bit Longer

NPR Exclusive: #Trump White House looking to replace #PeteHegseth as defense secretary

The #WhiteHouse has begun the process of looking for a new leader at the #Pentagon to replace #Hegseth, according to a US official who was not authorized to speak publicly. This comes as Hegseth is AGAIN mired in controversy over sharing #military operational details in a group chat.

#NationalSecurity #OpSec #InfoSec #law
npr.org/2025/04/21/nx-s1-53713

Continued thread

"If you remember…I said no one is texting war plans," #Hegseth said on FauxNews. "What was shared over #Signal then [during the first leak, which surfaced last month] & now was informal, unclassified coordinations for media coordination [&] other things."

But the details he shared, 2hrs before airstrikes hit in Yemen, almost certainly were #classified, acc/to ret Marine Lt Col Mick Wagoner, who was a #military lawyer for 17 years & deployed to 4 war zones.