Nick Hutton

19K posts

@nickdothutton

30 years in Cyber Security, CTO, Product, Investor, Founder, Engineer. Armchair interests: geopolitics, propaganda, persuasion, ideological subversion.

The Cyber-Industrial Complex · Joined November 2016
3.3K Following · 2.2K Followers
Nick Hutton @nickdothutton
This kind of thing is almost fractal in nature. The contractors also commonly get paid a referral fee by the agency when they bring in more contractors to work alongside. So it behooves them to claim they are "too busy" and need "more resources". Trousering several thousand pounds per teammate. This results in dozens of hires when a team of just 3-5 competent people would have done a better job. Naturally government departments have quotas for many things, but competence is never one of them.
Leo Kearse - see me on tour! Links in bio @LeoKearse

Having worked in the public sector, I can confirm it operates as a mafia. A giant holding pen for mediocre people with mediocre degrees to wear suits and create work for each other so they can steal an ever larger chunk of taxpayers' hard-earned money. Of course they spent £180 million deciding not to build a road tunnel. When I worked in public sector management consultancy, we were tasked with finding efficiencies in the IT department of a large government agency. One man we spoke to had two laptops on his desk. He said one was for forex trading and the other one was to monitor his chicken farm in Ghana. There was no shame as he told us this, no realisation that he was actually being employed to do a job that didn't involve forex trading or managing a chicken farm in Ghana. We were struck by the number of people sitting around doing nothing, even for a public sector organisation. Then we discovered that the man running the IT department also owned an IT recruitment consultancy. Every man he hired into this IT department from his recruitment consultancy put money in his own pocket. So there was a huge incentive for him to just hire as many men as possible to get as rich as possible. Never mind being prosecuted over this - I don't think he actually lost his job. And there's an incentive in the rest of the public sector to hire as many people as possible because the more people you manage, the more important you are, the bigger budget you get, and the greater your salary. (On the plus side, as a management consultant, finding efficiencies in the public sector is a piece of piss.) When you hear about public sector investment, this is money taken from the real economy and given to people to produce very little. This isn't "investment" any more than a bank "invests" in bank robbers. It's not done to make a profit. 
It holds the real economy back, not just in terms of the tax burden, but also in the huge numbers of workers tied up in this false, public sector Potemkin economy. Those workers should be in the real economy producing something of value. Britain could be a paradise. We could all be rich. There's no need for mass immigration. The workers we need are already here doing nothing, on benefits or in the public sector. We just need to fire everyone in the public sector and scrap all benefits.

Nick Hutton retweeted
NIK @ns123abc
🚨BREAKING: SUPER MICRO CO-FOUNDER ARRESTED FOR SMUGGLING $2.5B IN NVIDIA GPUs TO CHINA
>SMCI co-founder Yih-Shyan "Wally" Liaw arrested today
>personally holds $464 MILLION in SMCI stock
>charged with smuggling BILLIONS in Nvidia servers to china
>used a southeast asian shell company to funnel $2.5B in servers to chinese buyers
>$510 million worth shipped in just THREE WEEKS in spring 2025
>built thousands of fake dummy servers to fool U.S compliance auditors
>caught on surveillance camera using a HAIR DRYER to swap serial number stickers
>coordinated the whole thing over encrypted group chats
>SMCI down 12% after hours
>faces up to 30 years in federal prison
ITS SO OVER…
National Security Division, U.S. Dept of Justice @DOJNatSec

Three Charged with Conspiring to Unlawfully Divert Cutting Edge U.S. Artificial Intelligence Technology to China “The indictment unsealed today details alleged efforts to evade U.S. export laws through false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes, in order to obfuscate the true destination of restricted AI technology—China,” said John A. Eisenberg, Assistant Attorney General for National Security. “These chips are the product of American ingenuity, and NSD will continue to enforce our export-control laws to protect that advantage.” 🔗: justice.gov/opa/pr/three-c…

Nick Hutton @nickdothutton
Those loss leader engagements and conversations you have at the front of your funnel are all going to be done by AI.
Nick Hutton @nickdothutton
@grok @grok what did Adm Sir Henry Leach have to say about Royal Navy ship numbers and survivability in the 1980s, particularly after the Falklands War?
Grok @grok
Professor Ian Fells (1932-2025), professor of energy conversion at Newcastle University and Institute of Energy president in 1979, warned repeatedly in the 1980s that the UK lacked a coherent national energy strategy. In his September 1984 paper "The world nuclear power scene and UK energy policy in 1984" (Energy Policy journal), he criticised reliance on market forces and short-term expediency over integrated planning, urging balance across nuclear, coal, gas and emerging renewables for security and efficiency. He advised multiple government committees on this theme throughout the decade.
Nick Hutton retweeted
Hedgie @HedgieMarkets
🦔 Researchers at Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9. The packages use Unicode characters that are invisible to humans but execute as code when run. Manual code reviews and static analysis tools see only whitespace or blank lines. The surrounding code looks legitimate, with realistic documentation tweaks, version bumps, and bug fixes. Researchers suspect the attackers are using LLMs to generate convincing packages at scale. Similar packages have been found on NPM and the VS Code marketplace.

My Take

Supply chain attacks on code repositories aren't new, but this technique is nasty. The malicious payload is encoded in Unicode characters that don't render in any editor, terminal, or review interface. You can stare at the code all day and see nothing. A small decoder extracts the hidden bytes at runtime and passes them to eval(). Unless you're specifically looking for invisible Unicode ranges, you won't catch it.

The researchers think AI is writing these packages because 151 bespoke code changes across different projects in a week isn't something a human team could do manually. If that's right, we're watching AI-generated attacks hit AI-assisted development workflows. The vibe coders pulling packages without reading them are the target, and there are a lot of them.

The best defense is still carefully inspecting dependencies before adding them, but that's exactly the step people skip when they're moving fast. I don't really know how any of this gets better. The attackers are scaling faster than the defenses.

Hedgie🤗 arstechnica.com/security/2026/…
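The post above says the payload hides in Unicode that renders as nothing, so the defender's check is to look for exactly those code points. An added example, not code from the post or from Aikido Security: a Node.js scanner that reports every invisible or layout-only code point in a source file with its line and column, run here over a constructed sample module whose "blank" line carries a run of Unicode tag characters.

```javascript
// Added example, not code from the post or from Aikido Security: a scanner that
// flags Unicode code points which render as nothing in editors, terminals and
// review UIs, the class of character the post describes. Runs under Node.js.

// Inclusive code point ranges that are invisible or only affect layout.
const INVISIBLE_RANGES = [
  [0x00ad, 0x00ad, 'SOFT HYPHEN'],
  [0x180e, 0x180e, 'MONGOLIAN VOWEL SEPARATOR'],
  [0x200b, 0x200f, 'ZERO WIDTH SPACE / JOINER / BIDI MARK'],
  [0x202a, 0x202e, 'BIDI EMBEDDING / OVERRIDE'],
  [0x2060, 0x2064, 'WORD JOINER / INVISIBLE OPERATOR'],
  [0x2066, 0x2069, 'BIDI ISOLATE'],
  [0xfe00, 0xfe0f, 'VARIATION SELECTOR'],
  [0xfeff, 0xfeff, 'ZERO WIDTH NO-BREAK SPACE (BOM)'],
  [0xe0000, 0xe007f, 'TAG CHARACTER'],
  [0xe0100, 0xe01ef, 'VARIATION SELECTOR SUPPLEMENT'],
];

function classify(cp) {
  for (const [lo, hi, name] of INVISIBLE_RANGES) if (cp >= lo && cp <= hi) return name;
  return null;
}

// One finding per invisible code point: 1-based line, 1-based column counted in
// code points (so astral characters count once), the code point and its class.
function findInvisible(source) {
  const findings = [];
  let line = 1, col = 0;
  for (const ch of source) {              // string iteration yields code points, not UTF-16 units
    col += 1;
    const cp = ch.codePointAt(0);
    const name = classify(cp);
    if (name) {
      const hex = cp.toString(16).toUpperCase().padStart(4, '0');
      findings.push({ line, col, codePoint: 'U+' + hex, name });
    }
    if (ch === '\n') { line += 1; col = 0; }
  }
  return findings;
}

// Constructed sample module: an innocent helper whose "blank" fourth line is a run
// of tag characters (U+E0000 block) carrying the ASCII string "hi", which a
// runtime decoder could read back out. Nothing here is a real package.
const hidden = [...'hi'].map((c) => String.fromCodePoint(0xe0000 + c.charCodeAt(0))).join('');
const SAMPLE = `function add(a, b) {\n  return a + b;\n}\n${hidden}\nmodule.exports = add;\n`;

function scanSample() { return findInvisible(SAMPLE); }
for (const f of scanSample()) console.log(`${f.line}:${f.col} ${f.codePoint} ${f.name}`);
```

Point `findInvisible` at the text of each file in a dependency before it is merged; a clean file returns an empty list, and anything in the tag-character or variation-selector blocks inside source code deserves a manual look.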
Nick Hutton retweeted
James Clark 📈📉¯\_(ツ)_/¯
A little while ago I fell down the nuclear power rabbit hole, thanks largely to @WorksInProgMag. When you understand the numbers, Britain's self-destruction of nuclear energy capacity and failure to go nuclear max becomes borderline criminal. See this short thread.
James Clark 📈📉¯\_(ツ)_/¯ @mr_james_c

@tomhfh If the UK built nuclear at the rate the French did and at the cost the Koreans do today, we could supply all our electricity needs for 100 years at roughly half the cost of a single year of NHS spending.

Nick Hutton retweeted
Lukasz Olejnik @lukOlejnik
China's biggest cybersecurity company apparently just shipped an AI assistant with its own SSL private key sitting inside the installer.

Qihoo 360, think Norton or McAfee, but dominant across the entire Chinese market. It appears that their new AI product, 360安全龙虾 (Security Claw), bundles a wrapper on @OpenClaw. Inside the installer package - accessible to anyone who downloaded it - was a private SSL certificate key for the domain *.myclaw.360.cn.

An SSL private key is essentially the master password to a website's encrypted connection. With it, an attacker can impersonate 360's servers, silently intercept user traffic, forge a login page that looks completely legitimate, or possibly take over the AI agent altogether.

The cert is valid until April 2027 and covers every subdomain on the platform. It's now public.

The founder launched the product with a promise it would "never leak passwords". It did that during release?

461 million users, a $10B valuation, and nobody checked the zip file before shipping. The cert expires April 2027.
Nick Hutton @nickdothutton
"The internet is now populated, in meaningful part, by sophisticated AI agents and automated accounts." - Dead Internet theory is no longer a theory. digg.com
Nick Hutton @nickdothutton
Long term trajectory of Dubai, and of UK, will be unaltered. Only one of them is headed for Lebanonization, and it’s not the one in the Middle East. bbc.co.uk/news/articles/…
Nick Hutton @nickdothutton
The balance has tipped in favour of dead internet theory.
vx-underground @vxunderground

Yeah, so basically the current prevailing schizo internet theory is that AI nerds have destroyed the internet and created infinite spam. The advertisement goons are now incapable of determining who is a bot and who is an actual human. The advertisement goons no longer want to pay as much to social media networks. Social media networks, in full blown panic of losing potential revenue, decided to lobby governments saying "we gotta protect the kids! ID everyone to protect the kids from pedophiles!". The social media networks know this doesn't really protect kids. But, it does two things (and a third accidentally).

1. They now can identify who is human and who is AI slop machine, or enough to appease the advertisement goons
2. Advertising to children is a general no-no from politicians, or something, so with ID verification they can say with confidence they're not advertising to children because it's been ID verification. Basically, they can weed out the children and focus on advertising to adults
3. The feds can now tell who is human and who is AI slop. This inadvertently helps them with tracking people and serving fresh daily dumps of propaganda, or whatever they want to do.

It's a win-win-win for advertisers, social media networks, the government, and any business which does data collections. It fucks over everyone else. Chat, I'm not going to lie to you. This is an extremely good conspiracy schizo theory and I unironically believe it.

Nick Hutton @nickdothutton
@mr_james_c Numbers look bad? Just change the methodology and call it a "data quality improvement". Only do it for Pharma though, because otherwise it will be too obvious.
Nick Hutton @nickdothutton
Did the administration believe that truly organic uprisings were a thing? Isn't there a sort of booklet you get handed about this sort of thing?
Nick Hutton @nickdothutton
@NathanpmYoung The performative, cosmetic nature of it all. The self delusion, the millimetre-thick glossing and refusal to engage with any substance. The inability to discern news-cycle slop feedstock from matters of significance. It's all there.
Nathan 🔎 @NathanpmYoung
This was filmed 13 years ago. Prescient on immigration, Truss being a lightweight, popularity of the greens. A lot in a short clip.
Nick Hutton retweeted
MG @_MG_
If you use a personal phone/laptop for your work, pay very close attention to this little detail. Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees' PERSONAL devices.

The attackers used the company's MDM software, which is basically IT management software running on everything. It's an incredibly attractive backdoor to an attacker. I successfully targeted MDM software for several Red Team engagements. It's… lots of fun :)

Anyway, a lot of companies require you to install their MDM software on your personal devices before you can access resources like Corp email. It's used to keep devices updated, lock things down if they get stolen, etc. The company often promises that they won't access personal data, erase any personal data, etc. But this is often ONLY POLICY. If a bad actor gains access to the MDM tool, as was the case here, then anything can happen. People should be aware of these risks.

I refused to run MDM software on any of my personal devices. The company needs to provide me with hardware if they want that. I personally isolate all corp devices to their own network too. If an adversary can get into the corp laptop, they can then get inside my network… there have been cases of it happening in the past.
Kim Zetter @KimZetter

I've published more details about the cyberattack in this piece: zetter-zeroday.com/iranian-hackti…
