Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
John Scott-Railton Profile picture
@jsrailton
Sep 7 5 tweets 3 min read Twitter logo Read on Twitter
Scrolly
🚨 Update your @apple products immediately!

Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain.

(No clicking required to infect latest iOS!)

Found while checking civil society.

Disclosed to Apple which rushed a patch 1/
citizenlab.ca/2023/09/blastp…
Image
2/ We found the #BLASTPASS exploit chain thanks to an unnamed victim.

Once more, civil society, is serving as the cybersecurity early warning system for... billions of devices around the world.

Including you, if you're reading this on your iPhone. Or Mac. Image
3/Update your #iPhone right away.

And then, if you are at risk because of who you are or what you do, enable #Lockdown mode.

As my colleague @billmarczak says "it's the one weird trick NSO hates" Image
4/ UPDATE on #BLASTDOOR exploit:

We believe, and @Apple's Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack.

(Obviously you should also make sure to update!) Image
5/ What's Lockdown Mode?

✅available to anyone with a recent iPhone
✅Enabled in seconds.
✅Locks down routes hackers often use to infect phones.

Result:

✅phone in your pocket is much more expensive to hack.

You should probably use it.
support.apple.com/en-ca/HT212650
Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Scott-Railton

John Scott-Railton Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jsrailton

John Scott-Railton Profile picture
Sep 9
Remember when we collectively identified #ZipTieGuy Eric Munchel?

He was just sentenced to 57 months in prison. 1/ Image
2/ We'll never know how much worse things could have gone without the speedy evacuation of the senators.

But the judge made it clear: the intention was to take hostages. Image
3/ Munchel brought weapons & tactical vests to the Capitol with his mom Lisa Eisenhart

She got a 30 month sentence.

Memory: I still remember shelling out to buy the license of a hires photograph of them together so i could tweet it one time (pic: different image pictured)

Image
Image
Image
Read 4 tweets
John Scott-Railton Profile picture
Sep 7
BREAKING: #Poland's Senate investigation into #Pegasus hacking released.

Found "gross violations of constitutional standards"

Says 2019 elections where #Pegasus was used against opposition leadership were not fair.

(Pics: Machine translated) Report: senat.gov.pl/aktualnoscilis…


Image
Image
Image
2/ #Poland's Senate Commission also concluded that the purchase of #Pegasus was illegal, and that the spyware cannot be legally used under Polish law. Image
3/ #Poland's #Pegasus Commission also notifies the Prosecutor's office of the possibility that current & former ministers may have been implicated in the criminal acquisition & use of the spyware.

Wow. Image
Read 4 tweets
John Scott-Railton Profile picture
Sep 4
Vivek Ramaswamy's team is crafting absurd tweets so you can dunk on them.

Your engagement is the goal.

You are being rage farmed.

All Twitter's algorithm sees when you quote tweet is a signal to further boost the content.

Quote tweet friends, screenshot enemies.
Vivek Ramaswamy has little substance.

His team knows it.

How do they center him in the conversation?

Plagiarize the Bobert, MTG, et. al. playbook: steady stream of outlandish statements people feel an irresistible need to disagree with & call out.
Politicians crafting stunts for attention is as old as time.

But, simplifying a bit, algorithmic feeds consistently reward content that generates engagement.

Doesn't have to be positive.

So 100 times out of 100 stunts get prioritized over substance.
Read 5 tweets
John Scott-Railton Profile picture
Aug 26
Hmm: sanctioned spyware maker NSO Group still lobbying in🇺🇸US.

Latest target: American Bar Association (@ABAesq)

Fact: NSO's claims to help US NatSec =contradicted by US Gov.

Maybe they're hoping American lawyers have been living under a rock?

#FARA
efile.fara.gov/docs/6743-Info…



Image
Image
Image
Image
My take: having epically struck out with the 🇺🇸US Government & gotten sanctioned...

NSO Group seeks to to discretely erode the US policy position about mercenary spyware by way of targeting conversations happening legal profession.

Why now? Well..
Governments have begun taking actions on spyware companies.

Next phase = crafting effective regulations.

Complex process with many stakeholders.

NSO wants to get in as early as possible to reduce the risk they get effectively regulated.
Read 5 tweets
John Scott-Railton Profile picture
Aug 22
The UK wants the ability to stop companies from patching vulnerabilities.

Catastrophically shortsighted.

Any tech product that stays will be suspect in the global marketplace.

The sector will flee.

Goodbye tech investment & jobs.

By @IoannisKouvakas
justsecurity.org/87615/changes-…
While the proposal does not specify what technical changes would require notification, these may include changes in the architecture of software that would interfere with the U.K.’s current surveillance powers. As a result, an operator of a messaging service wishing to introduce an advanced security feature would now have to first let the Home Office know in advance. Device manufacturers would likely also have to notify the government before making available important security updates that fix known vulnerabilities and keep devices secure. Accordingly, the Secretary of State, upon receiving...
You can't be globally competitive when you need a UK bureaucrat to OK emergency updates fixing an actively exploited flaw.

And you can't be trusted when the #UK Government can secretly stop you from securing your users.

Expect a #Techsit.
IPA Hypothetical:

Cybercriminals find iPhone vulnerability. Use it hack *any iphone.*

Apple discovers & fixes with a rush patch.

...but now they must ask UK!

After a bureaucratic delay UK decides patch might slow down spying.

Instructs Apple to not secure a billion users. Against this backdrop, the main issue Objectives 3 and 4 jointly pose is that the United Kingdom could breach international human rights law by, for example, preventing a communications services provider from either fixing security gaps in software through the provision of security updates or applying advanced protections such as end-to-end encryption to their services, at a global level. Specifically, these measures not only are unlikely to survive the necessity and proportionality test enshrined in Article 8 of the European Convention on Human Rights (ECHR), which guarantees the right to ...
Read 4 tweets
John Scott-Railton Profile picture
Aug 15
Report finds Musk slows traffic to websites he dislikes.

I expect his experimentation w/soft censorship to influence US politics will accelerate as the 2024 election approaches.

By @jeremybmerrill & @drewharwell
https://t.co/i7VbQ9vP2Lwashingtonpost.com/technology/202…
Image
Musk has made it much harder for researchers to track manipulation *on and by Twitter*

He's even suing some.

Now, with less accountability he is, predictably, trying to manipulate user behavior through the platform.

Dangerous and outrageous. Image
53% of users abandon a site that takes >3 seconds to load.

Musk added a 5 second delay.

He knows exactly what he is doing to these news sites.

Source: https://t.co/wa9Ok78Uj2thinkwithgoogle.com/consumer-insig…
Image
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(