Strat 🌐

@fuckaslr @vxunderground I seem to recall that the French announced quite some time ago that they reserved the right to go kinetic over cyberwarfare incidents. It is probably time, even if It would be nicer to be de-escalatory. I also want a pony.

@vxunderground “if we cant internet you, we’ll physically hurt you” ??????? smelly PLEASE elaborate on this 💀

Today United States Donald J. Trump released the "Cyber Strategy for America" document. It was highlighted by FBI Director Kash Patel. Let's take a look at it together. I'll translate it from fancy political speak into nerd speak. Intro: >america is cool and badass >were strong af fr >our hackers are schizo af >we could be strongerer >need corpos to work with us fr >were fuckin shit up so nerds cant hide >america 250 years old soon >computers are important Section Two: >we made the internet >we are the best in internet stuff >mean nerds fuck shit up on the internet >mean nerds pissing us off >"im trump and im not a bitch about cyber" >mean nerds targeting important shit online >this is a new era of cyberspace >lots of money online Section Three: >mean nerds pissing us off fr >if we cant internet you, well physically hurt you >he actually wrote that LOL >other countries have shitty AI >we have the best AI >were gonna work with unis and companies for AI >wont let people be censored online >something about people censoring americans >mean nerds will get sanctioned >mean nerds will be memed >mean nerds will get beat up (maybe) >america remove more regulations on AI >regulations slow us down >gotta go fast af boi fr >cybersecurity so important fr Donald J. Trump Pillars of Action: 1. Shape Adversary Behavior >mean nerds attacking americans and companies >theyre innocent ppl tho >nsa and cia given thumbs up to hack back extra >we raising aggression 2. Promote Common Sense Regulation >reduce cybersecurity regulation >checklists are for losers >regulation make companies less agile >companies and gov need to be fast af 3. Modernize and Secure Federal Government Networks >government computers are lame >will make them better >use best practices >use "post-quantum cryptography" >use "zero-trust architecture" >use "cloud transition" >will improve stuff to hunt down nerds we dont like >will use AI for cybersecurity 4. Secure Critical Infrastructure >critical infra support important >energy grid important af to defend >banks important af to defend >hospitals important af to defend >water plants important af to defend >telecoms important af to defend >datacenters important af to defend >must defend everything important af >stop using technology made by countries we dont like 5. Sustain Superiority in Critical and Emerging Technologies >america will make more tech stuff >we gonna protect what we make fr >cryptocurrency must be secured and stuff >we need quantum stuff >ai mega important tho >we need more ai for hacking and for defense >people we dont like hack dumb and shitty ai 6. Build Talent and Capacity >we need more nerds >nerds are unironically super important >need to invest in nerds >remove "roadblocks" for nerds (???) across industry >will invest in more nerd stuff for nerds to learn

@JSyversen @halvarflake There are number of what I suspect (and maybe hope) are unsustainable trends and practices. So much of even security product design is performative and uncoupled to verifiable data that I believe any professional of conscience has good cause to check their premises.

Was talking to my son who works at Toshiba and realized I still have some strong feelings about how broken the cyber security industry is. It’s why I left and got into something better. Wrote a rant on LinkedIn about it. I miss the technical side and some Of the great people but there are a lot of structural things really wrong there. (Or maybe I’m old and entering get off the lawn phase!) 😏

@vxunderground I have used them from the time they were Mac-only. The 2 big draws were 1) allowing the use of my own cloud storage and 2) actual security architecture documentation. This drive to make everyone a cloud customer just engenders more attack surface from my perspective.

1Password said, "Hello, we like money, we are going to increase our pricing by 33%. It is now $47.88/year". I said, "Hello, I am terminating my subscription and deleting my account."

@JSyversen I marvel that Michael Crichton got the weird hands thing right in 1973 and that it works with AI-generated images in 2026.

Just tried Seedance 2.0. Like every other AI video model it is incapable of rendering a solo person doing a basketball layup. Shocking to me that’s the shibboleth for breaking every video model I’ve ever seen. (And I’ve tried a dozen prompt variations). So weird.

@vxunderground As an aside, who actially "accredits" journalists these days, much less *tech* journalists? I knew some good ones back in the day, but these days - if they can't even get coverage of videogames right as a profession, why would I expect it for enterprise security?

I guess Persona saw my post, or other adjacent posts on social media, because Persona sent out an email addressing the findings to their customers. They wrote the following (although I'm paraphrasing): 1. Persona does not share your customers data outside of scope. They said all contracts are solidified and compliance is important 2. Persona does not work with the Department of Homeland Security, or the United States government in general, however they assert they admit they are seeking potential contracts 3. Persona is not involved with Peter Thiel, although he is an investor. Persona asserts they have no relationship with Palantir 4. Company employees, including investors, do not have access to customer data. 5. They don't plan on saying anything else about this posts on social media because it amplifies stuff. They politely and gently call social media people schizo conspiracy theorists and state they are privately engaging with accredited journalists behind the scenes.

@JSyversen Just remember the caution in Richard Foster's short story "A Nice Morning Drive" in Road and Track that inspired Rush to write Red Barchetta.

This is pretty cool. As a Tesla drive who loves FSD and uses it often it makes a ton of sense. A close friend's daughter came over a hill and crashed into stopped cars. The car in front of her... was a Tesla which stopped in time. She didn't react as quickly. It's way more safe.

It is 2026, and once again the failure to provide adequate defensive bug bounty responsiveness and competitive pricing means vulndev turns to the offensive markets. Same story since at least 1996.

@vxunderground I remember when Amazon was explicitly discussing applying rules to the Echo devices relating to that. My first thought goes to that gedankenexperiment I am not going to name so as to avoid recklessly spreading a cognitohazard.

Do y'all think if someone is rude or abusive to AI chat thingies it's a reflection of who they are? If someone is hostile, or demeaning, or rude to like, ChatGPT that means they're potentially an abusive person?

@HostileSpectrum I remember commuting in the Metro when I was younger and asked a colleague "Why are there ads for fighter planes and how can I buy one?" Then they explained how I wasn't the target.

Ads here showing anti submarine warfare sonar arrays deployed in exquisite full motion CGI detail. Tell me you are in the beltway without telling me.

My friend @IceSolst has been doing incredibly dangerous research. She has enumerated EVERY version of Microsoft Copilot. Viewer discretion is advised. - Microsoft Copilot - Microsoft Copilot Pro - Microsoft Copilot Business - Microsoft Copilot+ PC - Microsoft Copilot Chat - Powered by WorkIQ - Copilot Pages - Copilot Studio - Gaming Copilot - Copilot Voice - Copilot Labs - Copilot for Windows - Copilot in Bing - Copilot for Microsoft 365 - Copilot for Word - Copilot for Excel - Copilot for PowerPoint - Copilot for Outlook - Copilot for Teams - Copilot for OneNote - Copilot for Loop - Copilot for Sharepoint - Copilot for Viva - Copilot for Sales - Copilot for Service - Copilot for Security - Copilot for Finance - Copilot for HR (in Copilot for HR) - Azure Copilot - GitHub Copilot - GitHub Copilot Chat - Copilot for Microsoft Defender - Copilot for Entra - Copilot for Intune - Copilot for Purview - Copilot for Edge - Copilot for Designer - Copilot for Clipchamp - Copilot for Photos - Copilot for Dynamics 365 Sales - Copilot for Dynamics 365 Customer Service - Copilot for Dynamics 365 Marketing - Copilot for Dynamics 365 Supply Chain - PayPal Microsoft Copilot [NEW] Microsoft is offering 43 different versions of Microsoft Copilot

@vxunderground Razer makes some spiffy peripherals but their history with software support leaves something to be desired. I love my Razer Stargazer (Intel RealSense) camera but they migrated their "Synapse" platform and made it all but unsupportable. Now we are looking at Synapse 4 this month

Everyone sobbing and crying over the Razer Project AVA 3D Anime Waifu Hologram companion is being a big baby The device Razer is selling requires a connection to a Windows device over USB. Hence, this device requires (in some capacity) drivers (kernel mode components). What I suspect (pure speculation) is when you purchase this device you'll need to install a Razer service (program running constantly) which will run as a service (Windows service, SYSTEM-level authority) somewhere on the machine. I suspect a user-mode component will be displayed which allows you to configure your 3D Waifu thingie. I am profoundly curious what this looks like under the hood. "Hologram" technology aside, I want to look at the user mode components, the kernel mode components, the network requests it makes. I want to know what it's written in. Python compiled to .exe? Is it an Electron app (common now)? C/C++? Trendy and hip in Rust? I am also deeply curious on the pricing model they push. This (in my opinion) is a really interesting piece of technology. I really, really, really want to poke it with a stick to see how it works internally. What happened to nerds being curious and excited about stuff? Jesus

@dpmilroy @robertgraham The ARPANET model is just fine, thank you very much. Don't believe the OSI hype. When was the last time you used CLNP anyway?

@robertgraham I want an Internet that has millions of tutorials on the OSI model. lol

Here's what you need to know about cloud outages: The Internet is unreliable, and was designed to be that way, because it's a good thing. The marginal cost of additional reliability is huge compared to the marginal benefits. You don't want a more reliable Internet, you want a cheap Internet were innovation happens at a rapid pace.

@infosec_fox That may be true, but caffeine is a food group, along with fat, salt and sugar.

Reminder to my fellow cybersecurity professionals. Coffee isn’t a meal.

@infosec_fox Almost depeering a popular regional ISP from the rest of the Internet because they weren't policing their miscreants.

For anyone who used the internet between 1991–2009… what online trend or moment do you remember the most?

@DebugPrivilege Security folklore and a lack of protocol knowledge.

@IceSolst You had me at "penutrutiuna tastrse."

>go online to learn about tech >spyware company guy waddling with sword in office >orange investors company funding middle school side projects (vibecoded subway surfers) >omarchy >immortality guy pays young girl for shrooms >I wrote task manager >72nd Yann LeCun crash out >hallucinated cheat sheet “Arch Linux vs parrot OS for penutrutiuna tastrse” >new model for videos, HOLLYWOOD is COOKED (video of a duck with a backwards cap surfing while drinking beer) >”move to sf, go into debt if you have to” >floral pattern shirt defense company guy going on increasingly genocidal rants >I wrote task manager >omarchy >screenshot: blocked by investor guy with surgically eggified head tip >tbpn interview with ratatouille the mouse and G-Man from Half-Life >I wrote task manager >omg don’t use public wifi sim swap attack Russian AI 0day grok is this true >world’s richest retard says grok told him the only way to get to mars is to deport all immigrants (he’s an immigrant but he means the OTHER ones, you know) >tbpn interview with ayatollah khomeini >omarchy is just a script? >pay me more for steve job daughter screenshot crash out >I wrote task manager >OpenAI vaguepost >vercel ceo selfie with Adolf Hitler >fifteen trillion passwords leaked in data breach >ok but Omarchy is literally just an install script for arch what am I missing >Our Smartest Model Ever >tbpn interview with Ragnaros, The Firelord live from Molten Core >I wrote task ma

@valsaven @yanabantai And the 30 floppy disks

@yanabantai No

Did everyone start their Linux journey with Ubuntu?

@HappyGi09234773 @gabsmashh UTC like the heavens intended

@gabsmashh Question what time and date would it be if daylight savings time never existed?

has the daylight been saved? 🥹

There will not be the time nor resources to fix all of the vulnerabilities uncovered in the near future as more AI bug finders get to work. What should defenders do now? The irony to me is that they should do what they should have already been doing: assuming those bugs existed.

1995: The networking utility netcat was first released by Hobbit as netcat 1.0.