Daniel Cuthbert

@Allgood4NH @Slav636 Hard to tell. I mean it would’ve been very easy back then given we didn’t widely use certificates and detection of back doors was incredibly primitive at the time. Doable

@Slav636 @dcuthbert Do you think there was any chance that these advertised proxies were USG honeypots?

in the 1990s, the US government classified 128-bit SSL encryption as a "munition" under ITAR, putting it in the same legal bucket as missiles and tanks. As a result, Netscape and Microsoft had to develop two entirely separate versions of their web browsers:

@InsiderPhD @0xTib3rius @BSidesLeeds Doesn't look anything like his profile pic. Deepfake? anyone confirm actual hooman?

Important reminder from @0xTib3rius you CAN in fact just do things, fantastic keynote at @BSidesLeeds

When this dumbass law was made, Debian responded by setting up a repository just for software affected by it, which would only be available on non-US servers, but still accessible worldwide. The "munitions" had already been exported of course, so it was pretty much useless.

Well this aged well....

@espie_openbsd Theo was the main selling point, that and the t-shirts ;)

@dcuthbert that was one of the selling points of OpenBSD back then (made in Canada)

@Slav636 Similar for us in South Africa. Twas when I moved to NYC could I then grab the forbidden candy

@dcuthbert I was in the former USSR, so experienced the restriction. Quickly found proxy in the US to download full versions, including schannel.dll for Windows. The proxies were advertised, no abuse! It was funny to see attempts to come up with interim upgrades. SGC, anyone? ;)

@ArcaVorago RoboWars. Can’t wait

@dcuthbert 90s cryptowars 3.0

How history repeats itself in this industry is funny. From the crypto wars to the AI wars....

The Domestic Edition (US & Canada): Full, secure 128-bit encryption. The International Edition (Rest of the World): Had its cryptographic legs intentionally broken. The symmetric key length was artificially capped at a measly 40 bits

I had a lot of Fable tokens to use up before my weekly reset, so I made this live 3D map of London with Three.js Every train, bus, boat and plane is real and live right now! - Tube, bus and riverboat data from TfL - National Rail trains from Darwin live departure boards - ADS-B for planes and helicopters - AIS feed for boats and ships - Map data from Overture and OpenStreetMap Trains and buses have no GPS feed, so their positions are inferred from arrival countdowns and departure boards, then animated along the track/route geometry

@junaidloonat Sums up my existence at the moment. Making vendors explain why their stuff isn’t made that well

@dcuthbert The opening comment alone is packed with gold, including: "Make expensive boxes tell the truth" Despite all the advances and incidents in our field, we're still needed to operate as the reality check (aka "hammer") "...If it had a compliance department" Never too late :-)

Sorry, not sorry. GOBBLES4LYFE That was fun to do

npm finally killed postinstall and preinstall scripts, THANK GOD, so I wrote an obituary for npm's worst feature which will finally die in v12

@derekschatz I think there's more too it. Mine use their ipads but a lot for drawing and football skills + homework. What isn't good is how the platforms help keep them safe. Apple's approach to child safety in ios is suboptimal, an afterthought at best so it's time this was rectified

@dcuthbert Far too many parents these days are happy to keep their young children quiet and placated by giving them a screen to stare at. It’s simply a failure of parenting.

Apple trust and safety: get your kids addicted early and you’ve got a customer for life Trust us. They need an iPhone now.

@robertauger Preach brother!!

@dcuthbert Fluffy bunni was also 2legit2quit

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai…

@jrozner JOE!! who would do such a thing?????? ;p

@dcuthbert Does it rm -rf your box or drop a shell?

@DennisF Im tempted to do a full roadshow now. Bring the bands back kinda thing

@dcuthbert The kids don't know what they missed

@dlitchfield well done you 0xBEEFCAKE you!!!

I set a new British record in the bench press. Quite chuffed with that :) instagram.com/reel/DZWuWtyOS…