Notices by Simple Nomad (simplenomad@rigor-mortis.nmrc.org)

If the CIA approves of Signal for use internally - particularly the use case of communicating with CIA personnel in the field - this likely means the NSA gave them a thumbs up. So this implies that bare minimum no other intelligence agency can defeat Signal's encryption. Does that mean the NSA can't either? Up for debate I guess, but quite likely no for them as well.

This doesn't mean the platform it is running on is secure blah blah blah, but hey, when you think about it this is a massive endorsement for the use of #signal

#opsec #infosec #security

https://www.businessinsider.com/cia-head-signal-use-senate-hearing-the-atlantic-tulsi-gabbard-2025-3

@mattblaze I lived through that era, telling younger friends about it now there is a disconnect as it is abstract. At least these relics make it real for them, maybe (hopefully) making some of my current paranoia and political “take” seem slightly more, well, justified.

Watched a bit of Empire Strikes Back with my son, he says that if Luke had killed that white carnivorous creature instead of cutting off his arm, he could have stayed in the cave, maybe heating up rocks with the light saber, but instead decides to just run out into a blizzard instead of shelter in the cave from the cold. Leaving a communications device near the front of the cave Han probably would have found him and sheltered with him.

This is what it’s like having adult children. Damn.

Just listened to @joshbressers and @kurtseifried on the #osspodcast discussing the openness of open source in the context of security, and I must say that the idea of ever working for an employer that ships closed source software is something I could never do again. Going to work at GitLab was rather freeing - there is no "barely stating truth" when disclosing bugs because the source code tells the truth. Every employer before that, even many that shipped security software, were so strict in the wording of disclosures that they were basically exercises in "truthiness" more than anything else. Good episode, Josh and Kurt.

https://opensourcesecurity.io/category/podcast/

#infosec #security

Hey kids, they're not posted yet, but keep an eye out for some management positions in the Security division (Director to VP) at GitLab. All remote, follow-the-sun, really decent place to work. Plus there are a number of positions open already for analysts, engineers, and a manager position (most are in APAC). Check it out! #infosec #security #jobs

https://about.gitlab.com/jobs/all-jobs/

For those that run a #Mastodon instance on #Ubuntu server, have you had any issues upgrading from 22.04.4 LTS to 24.04.1? Any tips appreciated.

#MastoAdmin #mastodonadmin

So. That was impressive. Here’s a quick sample from the backyard. Of note: temperature drop from 79.3 to 74.8, #solar production from the panels dropped to 0 and the house draw from the grid was the usual constant 420 watts, once the sun started coming back out the panels ramped back up, the temperature continued to drop for a few minutes to 74.5 but finally started edging up, and the dog could give a shit and just wandered around sniffing like usual.

Wow. The pictures don’t do it justice. Jupiter was visible to the left and Venus to the right (not in picture).

#eclipse #totality #texas #eclipse2024

This xz backdoor thing reminds me of a story I heard from friends that worked at a tech company that made cell phones. They had a great coder that worked on the project, he had put in work as a contractor for a few months, and due to the quality of his work he was hired in full time. After two months he simply stopped showing up to the office.

An investigation turned up the following interesting items. His account had accessed all files including source code to *all* cellular projects - in that he had apparently downloaded a copy of everything. He had committed a large amount of contributions to the project he was assigned to. None of his paychecks were ever cashed. A wellness check to the house he had rented was performed and the house was completely empty. Per the landlord he'd paid for 6 months rent in advance in cash. Apparently he never physically moved in. No record for him nor his social security number seemed to check out. The guy was a ghost.

I was asked about recommendations on future prevention by friends who worked there - no idea how far they got in their investigation, if backdoors were ever found or even existed, or if the Feds were ever involved. The punch line? This was probably a couple of decades ago.

This shit is real, and it has been going on for a long time.

#infosec

Hmmm, every server I'm getting spam from has a new user in their public directory named yqqwe, and each one of these users is following mastodon_admin_yggwe on a single-user instance mastodon.tinynews.org. One can look at the 924 followers of this admin and they all are named yqqwe and they are all on servers I've been getting #spam from. #fediverse #moderation #administration

Your challenge for today (in two parts): First, do a random act of kindness for a stranger. Second (and arguably a really tough one for many), do NOT talk about it online. You know, just be nice and not “take credit”.

#BeADecentHuman #ActOfKindness

@pluralistic If it helps, you’re my _favorite_ pebkac fuck…

I'm looking forward to the Veilid presentation being posted online from #defcon. However that hasn't stopped me from glancing over the code, and even downloading and setting up a Veilid server node. I think this is going to be a hell of a project once it really gets going with some apps.

https://veilid.com/

#cDc #veilid #defcon31

Hey #infosec any recommendations on #Peertube? Like a good instance to join, should I host my own or upload to somewhere else, anything infosec / #hacking themed already out there? Curious...

Happy 70th birthday, polio vaccine! Thank you, Dr. Jonas Salk. It was announced to the world on March 26, 1953.

#science #vaccine #polio