The #CIA has confirmed that when it scanned Director #JohnRatcliffe's phone for #Signalgate messages, they were gone. That is in violation of public records laws.
https://s3.documentcloud.org/documents/25897157/ciasignalgate.pdf
Recherches récentes
Options de recherche
#opsec
11 messages10 participants0 message aujourd’hui
-- Draw the Circle or Be Consumed --
>OPSEC isn’t what happens before the real work. It is the real work that determines whether anything else becomes possible.<
The universe doesn’t give a fuck about your intentions. Neither does any state’s surveillance apparatus. Both operate on cold deterministic principles that render your revolutionary potential to ash the moment you treat OPSEC as optional.
Let me be painfully clear: your movement will collapse with mathematical certainty unless security is the foundation, not the afterthought.
...
Read More:
https://pixelnull.substack.com/p/draw-the-circle-or-be-consumed
Recursive Blasphemy · Draw the Circle or Be Consumed
Hey #fediverse I could use some #opsec advice:
If I have a CMS, and its login page uses SSO with another 3rd party for authentication, I shouldn't need to lock that login page down by IP address should I? Isn't the security of it contingent on the 3rd party providing the SSO not me?
A répondu dans un fil de discussion
Been thinking of getting experienced on a new topic, Intelligence.
Any tools, or guides, or other topics you would recommend looking at?
I'm not expecting answers like Shodan or Google Dorking but more towards Intel management, tools and analytics
RaspberryPi Zero2w serves whole world and terrain from 256 GB MicroSD card. Pictured white box contains RPi and creates wifi access point. Phone attached to AP and browser allows you to browse full world map. No need for Internet connectivity or SIM card in you phone. Perfect tool for preparedness and denied area planning.
https://youtube.com/shorts/TAY2yY8TAoY?si=Xg8AUInWEFspJsMe
youtube.comAvant d'accéder à YouTube
I talked a boatload of shit today about RFK, the Federal judiciary enabling Ostarbeiter to take place in the US, RFK's desire for concentration camps for ADHD & autistic folks, & the DOJ dropping charges on the Texas doctor who went after trans patients & violated HIPAA.
At the end of the day, every patient agreed that deleting their ASD diagnosis was the right thing to do right now.
Why do I share this?
Im urging all providers to have similar conversations with patients before September. Some may glean services from ASD diagnosis. Factor in a risks benefit discussion. Let them decide.
It's urgent.
Sources:
Federal enabling: https://apnews.com/article/illegal-immigration-immigrant-registry-trump-homeland-security-329d9b1523792aaf5940f72948d8b48b
Ostarbeiter: https://mstdn.social/@Npars01/114316065490008662
RFK 1: https://www.cbsnews.com/news/rfk-jr-cause-of-autism-research/
DOJ: https://www.texastribune.org/2025/01/24/transgender-care-data-leak-texas-childrens-hospital/
Further, autism self diagnosis is largely valid & UWash website has links.
AP News · Judge allows requirement that everyone in the US illegally must register to move forward
#question #didyouknow #todayilearned #til
Windows is reinstating Recall,
Snapshots of screen saved every 3 seconds and fed to AI.
Previously introduced in May, 2024 to some backlash.
(...)"a gold mine for malicious insiders, criminals, or nation-state spies if they managed to gain even brief administrative access to a Windows device."
(...)"nothing stopping Recall from preserving sensitive disappearing content sent through privacy-protecting messengers such as Signal."
(...)"Windows 11 Build 26100.3902 preview version. Over time, the feature will be rolled out more broadly."
(...)"That would indiscriminately hoover up all kinds of User A's sensitive material, including photos, passwords, medical conditions, and encrypted videos and messages."
(...)"That level of detailed archival material will undoubtedly be subject to subpoena by lawyers and governments."
etc. etc.
Yeah...
One MicroSD card and Raspberry PI. With $35 + $24 you get totally off the grid planning environment for your tasks. Plan and coordinate regardless access to infrastructure like cellular or satcom. Sometimes it's also good if you don't leave traces to great firewalls. Edgemap is open source and available at my Github for free!
#edgemap #preparedness #offthegrid #opsec #tak #atak #mesh #manet #meshtastic
youtu.be- YouTubeProfitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
A répondu dans un fil de discussion
@HonkHase ja, die #OpSec jener #KRITIS ist quasi nichtexistent.
- Und nein, ich werde nicht in Details gehen.
Nur soviel: Mich bezahlt keine*r die dazu authorisiert sind für's #Pentesting!
A répondu dans un fil de discussion
Interesting seeing what older blog posts of mine have started trending upward over the past few months. So far, the following:
- Installing Wireguard: https://www.markloveless.net/blog/2024/5/14/installing-wireguard
- Digital Tracking: https://www.markloveless.net/blog/2022/6/28/digital-tracking
- The Hacker Burner Phone: https://www.markloveless.net/blog/2021/5/20/hacker-burner-phone
I wonder why? 
Mark LovelessInstalling Wireguard — Mark LovelessThere are a lot of decent tutorials online about Wireguard setup. I’m not claiming this is one of them, but this is about a real world implementation.
The chiropractors of IT #itsecurity #opsec #itsec
Here's a somewhat novel #LinkedIn connection request scam.
I am not, actually, connected to the person named in the message sent with this connection request. In other words, "Notice you're connected with her," is simply a lie. Did they think I wouldn't notice, or what? I suppose maybe some people wouldn't.
Needless to say I blocked this person. I am careful in general about whom I connect with on LinkedIn, but I especially don't want to interact with dirtbag scammers.
#infosec #opsec #scam
![LinkedIn connection request from "Paul Bereschi", whose bio line describes him as "Engineering Teams for Ambitious Founders | Sales and Marketing Specialist @ Duty…"
The message in the connection request says, "Hi Jonathan - do you know [blurred] personally? Noticed you're connected with her. We worked with her on the [blurred] website. Let's connect as well!"](https://cdn.masto.host/federatesocial/media_attachments/files/114/297/076/434/130/753/original/9914cdf56d4aca9c.png "LinkedIn connection request from \"Paul Bereschi\", whose bio line describes him as \"Engineering Teams for Ambitious Founders | Sales and Marketing Specialist @ Duty…\"
The message in the connection request says, \"Hi Jonathan - do you know [blurred] personally? Noticed you're connected with her. We worked with her on the [blurred] website. Let's connect as well!\"")
Are activists still using proton mail? What's a good provider for an antizionist group?
En réponse à Robert [KJ5ELX] 
@0xF21D The way I see it is that even if end-user device security is poor, proper E2EE such as that used by Signal still provides a significant benefit: It shifts the burden of an attacker from wholesale dragnet surveillance (which is easy to do in bulk) to focused attack targetting (very difficult to do in bulk, especially inconspiciously).
*Even if* device security sucks, which would equally impact other services as well, that *still* provides a privacy benefit.
Don't let the mainstream news media convince you that #signal is a bad choice for end-to-end encryption. What the media fails to do is convince you that the state of security on end user devices ends up bad because people are prone to making bad decisions.
It was the Iphone Contact algorithm all along!
https://www.theguardian.com/us-news/2025/apr/06/signal-group-chat-leak-how-it-happene
Suite du fil
If you are partaking in a #protest, please do think of your and others' #OpSec (operational security). Depending on the protest, you might want to have it not linkable to your personal identity.
Some tips:
- Consider taking measures that protect your identity. Wear a mask, wear clothes that you don't normally wear. Conceal any markings like tattoos and piercings.
- Make sure you and fellow protestors are safe at any given time - wherever feasible. Help and advice others if you can.
- No matter how secure your phone is - cellular connections do broadcast your location. Even if you take out the SIM. Either leave your phone at home or get a burner, paid with cash. And never, ever turn it on at home, at work or places that can be linked to you.
- Do not link any IRL identities on that phone. Use a resilient app like @briar for communication during the protest. Briar is able to withstand internet and comms blackouts.
2/
So, folks - we need to have a chat. I've seen a large number of #handsoff #protest photos. While I am deeply grateful to anyone protesting in whatever form, please keep from posting photos that reveal faces and/or identities of people you haven't have explicit permission from.
#OpSec is incredibly hard - protestors might not be aware of the (possible) consequences of having their identities posted and shared online.
It still needs to be a choice, whether any individual wants to be linked to the protest they've partaken in. Even if they did not wear a mask.
1/