John Scott-Railton

1.6K posts

@jsrailton

Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine. Other platforms @jsrailton too.

Joined January 2011
2.8K Following 164.7K Followers
John Scott-Railton@jsrailton·
Articles hit at the sweet spot for people using LLMs to turn tweets into essays. Not only was our attention span already precarious, but suddenly long text = takes more time to read it than it did to write it. Now, we need a summary feature to fix this.
Nikita Bier@nikitabier

We’re rolling out summaries for Articles now. Just tap the Summarize button if you want to know if it’s worth your time to read it (or if your attention span is 12 seconds).

John Scott-Railton@jsrailton·
NEW: French sailor reveals position of aircraft carrier with his fitness app. Run tracking app @Strava shows Charles de Gaulle as it steams across the Med. #stravaleaks strike..again! Story by @lemonde. 1/
John Scott-Railton@jsrailton·
7/ But wait, isn't the movement of something like an Aircraft Carrier not a big secret...yes..sort of. And this particular deployment isn't a secret. But consider: (a) this case is diagnostic of an unauthorized use problem (b) navies know the traditional ways they are watched with satellites etc. But they can only do deceptive maneuvers etc when they know what they are focused on. And they do deception to confuse these systems all the time. They know when satellites pass, know what to show on their deck etc etc. (c) Strava emits some useful signals: For example, someone is probably not jogging around the deck when a carrier is doing flight ops or prepping for them. It also indicates things about what might be happening based on that person's role: when they are jogging, they aren't manning their other role in the Combat Information Center...etc etc x.com/jsrailton/stat…
John Scott-Railton@jsrailton·
@lemondefr @Strava 6/ Many such cases. Unbelievable sloppiness around location data & private devices. Reason that militaries that are in a lot of active big conflicts learn to keep personal phones away from sensitive locations. x.com/Helene_G_du_P_…
Hélène du .P Menagé (Fernández)@Helene_G_du_P_M

@jsrailton @Strava @lemonde During a NATO training exercise in Norway we located the positions of US troops who were playing the enemy by triangulating their Tinder locations in the middle of the Arctic forest where there were no nearby towns or cities.

John Scott-Railton@jsrailton·
However, those satellites only pass at specific times, known to navies. Very limiting. *Long history of navies purposefully making maneuvers to deceive satellite observers.* Everything emitted is a signal. But you can only defend against the ones you know about. The bigger issue is that fitness trackers & other mobile location data are a flow of high time & location precision that is not controlled for.
John Scott-Railton@jsrailton·
It's true. But it's also true that every signal about the movement of a ship is useful. Satellites, shipspotting, AIS transponders etc.. Each gives something. But is also dependent on other things like satellite pass timing etc. And those are things that are adjusted for and taken into consideration. This is simply another data flow that is undesirable and seemingly impossible to stop...
Zack Korman@ZackKorman·
@vxunderground They use PR firms. So the news agencies know these firms so whenever they need a quote or a clip on cyber they ask who the firm has and they go “here is Joe McCybersecurity”
vx-underground@vxunderground·
I am genuinely impressed by mainstream media outlets' ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There have been dozens of occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity". I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them. The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries". I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert. Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial. Absolute cinema.
Paul Asadoorian @paulasadoorian@infosec.exchange
We found 9 vulnerabilities across 4 low-cost IP-KVM vendors. These $30 devices give attackers the equivalent of physical access to everything they connect to. Below the OS, EDR, and pretty much every security control you've deployed.
Workshop Labs@WorkshopLabs·
Letting a provider see all your data is the price of admission for AI. We're changing that. Introducing Silo, the first private post-training and inference stack for frontier models, with hardware-level guarantees that we can’t see your data. Privacy without compromises. 🧵
John Scott-Railton@jsrailton·
@wdormann @signalapp Yeah. And in a sense it reveals how deceptions work. The best con artists are always warning people to be vigilant about ...con artists.