5/ Why is this interesting? Jantz is a (niche) cultural figure recasting the #Capitol siege in a positive light... away from the huge stigma it has for most...marketing it and making it look cool while taunting the feds in the process.
6/ Lest you think Forgiato Blow is completely marginal: he did a remixed Ice Ice Baby video with @vanillaice & @RickRoss in 2019. He also toured with Vanilla Ice for a minute.
7. Please, someone do a piece on the #MAGAhadeen aesthetic. Forgiato Blow is just the volume-knob-to-11 of the #tacticool look that is all over a certain kind of American's wardrobe right now.
8/ Can someone help me figure out whether Kurt Jantz is actually a @usairforce veteran?
• • •
Missing some Tweet in this thread? You can try to
force a refresh
VPN advertising is the most common source of security misinformation that I encounter.
By far.
So many people misplace their trust in dubious consumer VPN products.
The industry is a scourge.
VPNs don't do most of the things that podcasters imply they do.
Security:
Coffee shop attacks on unencrypted logins are a thing of a decade ago.
VPNs won't stop even the dumbest spyware & phishing.
Privacy:
Advertisers still know it's you when you turn on a VPN... they use many other identifying signals from your device, like your browser & advertising IDs. Those don't change when you turn on a VPN.
Trust:
A lot of VPN companies are shady.... and the industry is consolidating fast around some questionable players with concerning histories.
When you turn on a VPN you entrust all of your data to those companies.
BREAKING: NSO Group liable for #Pegasus hacking of @WhatsApp users.
Big win for spyware victims.
Big loss for NSO.
Bad time to be a spyware company.
Landmark case. Huge implications. 1/ 🧵
2/ In 2019, 1,400 @WhatsApp users were targeted with #Pegasus.
WhatsApp did the right thing & sued NSO Group.
NSO has spent 5 years trying to claim that they are above the law.
And engaged in all sorts of maneuvering.
With this order, the music stopped and NSO is now without a chair.
3/ Today, the court decided that enough was enough with NSO's gambits & efforts to hide source code.
Judge Hamilton granted @WhatsApp's motion for summary judgement against the #Pegasus spyware maker.
The judge finds NSO's hacking violated the federal Computer Fraud & Abuse Act (#CFAA), California state anti-fraud law #CDFA, and was a breach of contract.
What happens next? The trial proceeds only on the issue of resolving damages stemming from NSO's hacking.
Company has a majority of the US market share for homes & small biz.
Concerns stem from repeated use in cyberattacks from #China & concerns over supply chain security.
Reportedly an office of @CommerceGov has subpoenaed the company. 1/
Story by @heathersomervil @dnvolz & @aviswanatha
2/ @TPLINK has quickly grown market share, even as concerns have grown over vulnerabilities in the routers being used in #China-linked hacking operations.
3/ As Microsoft's @MsftSecIntel reported earlier this year, for example, #TPLINK routers make up the bulk of the CovertNetwork-1658 attack infrastructure.
This operator was conducting so-called password spray attacks, and taking steps to be discrete.
The credentials are then used by multiple #China-based threat actors....
Use only end-to-end encrypted communications says @CISAgov.
YES!
End-to-end encryption is critical infrastructure for a safe society.
Plenty of other solid guidance for mobile users at risk here.
Let's look at their #iPhone & #Android-specific recs... 1/
2/ @CISAgov's top recommendation for Apple users is to✅ enable #LockdownMode
It's my top guidance for high-risk #iPhone users..
Because as researchers tracking sophisticated threats we see Lockdown Mode blunt advanced attacks...
Other solid guidance:
✅Protect your DNS
✅Disable fallback to SMS
✅Enroll in iCloud Private Relay
✅Trim App permissions.
3/ @CISAgov's guidance for #Android starts from the unavoidable fact that many Android manufacturers truly don't respect users security or privacy.
So ✅pick a company that won't leave you insecure after 2-3 years.
Other good guidance here includes...
✅ Only use RCS with end-to-end encryption
✅ Using Android Private DNS
✅ Use Enhanced Protection for Safe Browsing
✅ Google Play Protect
✅ Manage permissions.
3/ There's an active global market for companies whose product line revolves around abusing the trusting nature of call routing to conduct surveillance.
We @citizenlab ran scans & mapped deployments of this tech by one such player: Circles.
Circles had previously merged with NSO Group, which makes #Pegasus.
NEW: police in #Serbia caught unlocking activists phones with @Cellebrite's mobile forensic tools & planting spyware on them.
Incredibly troubling investigation by @AmnestyTech delves into how the Serbian authorities mix a toxic brew of repression out of homegrown + foreign mercenary spyware like #Pegasus + $CLBT's forensic tools possibly supplied as part of foreign assistance from #Norway. 1/