@anagnostes @Cheatha can we get a modern reboot of the "Designed for Linux - Windows Vista incapable" stickers?
Cuz I think it's high time we stop peddling to a shitty #Govware!
New blog post, this one is about an odd trend I spotted a couple of years ago, which involves slow port scans potentially using botnets:
https://www.markloveless.net/blog/2025/5/20/tracking-advanced-port-scanning
What makes this interesting is it is not the first time I've blogged about this use of slow botnet usage, it is also used to guess passwords, as I talked about last month:
https://www.markloveless.net/blog/2025/4/22/fail2ban-for-sendmail-auth
Question for better hackers/security people than me (pretty much everyone, that is)
If a random guy tells you to use their hotspot, what kind of info are you likely to lose?
Of course, no banking, no buying, etc. But watching YouTube? Safe or not?
My youngest just accepted a stranger's hotspot while travelling halfway around the globe. Sigh. I have failed as a mom.
Folks who organize in #Signal GCs, I beg of you: please consider *not* changing your screen name every few days. I know you think of this as an #opsec measure, but it makes actual opsec impossible: after a few rounds of this, especially in large chats, I have no idea who’s in the room, and I bet you don’t either. You could be sharing plans for a gathering with Pete Hegseth, for all you know! I get the need to protect yourself…but this ain’t it.
A month or so ago, my brother and I convinced our parents to switch our family chat to @signalapp. We’d been hesitant to introduce new tech to a couple people in their 80’s.
Then this happened yesterday. Who says you can’t teach an old dog new tricks?
Just a reminder:
In 2015 the Associated Press revealed that the FBI was operating a small air force with scores of low-flying planes across the US performing video and cellphone surveillance - all hidden behind fictitious front companies.
#Surveillance #Infosec #Opsec #FBI
https://www.apnews.com/article/192109d8ed744277a0d8fd6e6a1728f2
Use QubesOS for compartmentalization if you require multiple identities.
Mayke [7/31] - Let’s hack the GPS locations in our photos, for fun and personal safety!
When a friend sends you a screenshot of their flight plan that also contains their booking reference, what would you do?
Update: TeleMessage’s message store has been exfiltrated. A hacker claimed it took them less than 30 minutes to access it. The archived messages were stored—apparently in plaintext?—in an AWS container, which they accessed.
What’s more, the data contains usernames AND PASSWORDS. Did they really store plaintext passwords?
Absolutely incredible. Mike Waltz and all the clowns that use this product for classified messaging need to be arrested and charged.
#kakistocracy #MikeWaltz #opsec
https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/
User “mdh2” on Bluesky claims that Mike Waltz wasn’t caught using Signal on his phone, but something far worse: “TM SGNL”, an app made by an Israeli company called “CyberInt”. mdh2 claims that messages on that chat platform are backed up on 3rd party servers.
This appears correct. The screenshot from Mike Waltz’s phone shows the “TM SGNL” product name.
bsky post (login required): hxxps://bsky.app/profile/mdh2.bsky.social/post/3lo57bdld2c2q
Tor Browser opsec discovery: The security level slider cannot be relied upon without a full browser restart: https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/
If you frequently switch between security levels in Tor Browser (or Mullvad Browser!), make sure you are fully restarting the browser every time, otherwise you could still unexpectedly have dangerous JS features enabled!
This requirement is not publicly documented anywhere. Hopefully @torproject will add a prompt to restart after modifying this setting in a future Tor Browser release.
I mean…
#MikeWaltz spotted using modified #Signal app at Cabinet meeting
Newly ousted #NationalSecurity adviser Michael Waltz, who came under scrutiny for his usage of the messaging app Signal to discuss sensitive #military operations, was photographed at a Cabinet meeting on Wednesday appearing to use a modified Signal app to conduct official business w/Cabinet members & other top #Trump admin ofcls.
They told you to stay connected.
But connection is the leash.
I don’t drop memes. I drop warnings.
Privacy is dying by design.
— DeadSwitch
Fear the silence. Fear the switch.
Pretty good breakdown of OpenAI o3's (quite good) performance at guessing locations based on photos, by way of the "GeoGuessr" game (metadata stripped). It scored better than a very highly ranked human.
A tendency of some AI critiques is to treat _all_ such evidence as "smoke and mirrors". That is unhelpful; it occludes awareness of capabilities that are actually improving (and can present real #opsec and surveillance risks in this case).
https://sampatt.com/blog/2025-04-28-can-o3-beat-a-geoguessr-master
NPR Exclusive: #Trump White House looking to replace #PeteHegseth as defense secretary
The #WhiteHouse has begun the process of looking for a new leader at the #Pentagon to replace #Hegseth, according to a US official who was not authorized to speak publicly. This comes as Hegseth is AGAIN mired in controversy over sharing #military operational details in a group chat.
#NationalSecurity #OpSec #InfoSec #law
https://www.npr.org/2025/04/21/nx-s1-5371312/trump-white-house-pete-hegseth-defense-department
“A launch of an attack there is just no-way, no-how, that an American #military operation starting off is going to not be #classified for Lord's sake," retired Marine Lt. Col. Mick Wagoner said.
And #Hegseth's #defense also tacitly confirms that he shared those details w/people, like his wife, he knew were not authorized to have the information.
"If you remember…I said no one is texting war plans," #Hegseth said on FauxNews. "What was shared over #Signal then [during the first leak, which surfaced last month] & now was informal, unclassified coordinations for media coordination [&] other things."
But the details he shared, 2hrs before airstrikes hit in Yemen, almost certainly were #classified, acc/to ret Marine Lt Col Mick Wagoner, who was a #military lawyer for 17 years & deployed to 4 war zones.