matt blaze

@Walshman23 Tl;dr: If trained CIA officers can’t do it reliably well, you probably can’t, either.
Retweeted by matt blaze
@Walshman23 For a taste of what’s (routinely) possible, this talk is an excellent example. m.youtube.com/watch?v=BwGsr3…
Retweeted by matt blaze
@Walshman23 There are automated tools used by law enforcement, intelligence agencies, and telcos to identify burner devices and who’s likely using them (or close to them in the same network of users).
Retweeted by matt blaze
@Walshman23 How did you pay for it? Do you power the phone up at home? Does it travel with you or your other phone? Are the people you contact with it part of the same network you are? Etc. There’s a LOT to consider, and it requires constant attention not to inadvertently create links.
Retweeted by matt blaze
“Who do you think you are?” Someone with an ounce of self-respect.
My rule - and it should be your rule, too - is that if your initial contact with me is rude or aggressive, I will not take you seriously. Ever. I’ll probably block you, and I’ll forever consider you beneath serious consideration. Here or anywhere. Life’s too short, etc.
@rthille @mikekelly85 @benedictevans Not everything requires the use of a platform supplied by the service provider. See, for example, the Web.
Retweeted by matt blaze
@mikekelly85 @benedictevans I did, but I’m not interested in debating you, because you’re rude and are acting like a bozo.
Retweeted by matt blaze
@mikekelly85 @benedictevans I’m not going to apologize for knowing about stuff. Knowing about stuff is good.
Retweeted by matt blaze
@mikekelly85 @benedictevans But if you’re saying the Internet shouldn’t be built around interoperable standards, good luck with that.
Retweeted by matt blaze
@mikekelly85 @benedictevans You can use all the scare quotes you want, but I actually am something of an “expert” on this subject. Feel free to Google me. Using your (encrypted) web browser. Which needn’t be supplied by Google.
Retweeted by matt blaze
@GaiaXFakten @NastyOldWomyn @Ridge_Cook As I said, I don’t. But thwarting standard investigative techniques and carrier data collection (with which I’m quite familiar) is likely possible, but impractical for most people (and requires a great deal of carefully disciplined work).
Retweeted by matt blaze
@NastyOldWomyn @Ridge_Cook Mostly as an exercise, I maintain a couple burner phones in a way that gives me moderately high confidence they can't be linked to me. It's extremely difficult, expensive, fragile, and inconvenient. And requires using almost everything I know about communications systems and security.
Retweeted by matt blaze
@NastyOldWomyn @Ridge_Cook So I wrote this, but it's very technical and not aimed where you're asking: mattblaze.org/blog/faraday . One of the problems is that the range of threats a faraday bag solves is narrow, and understanding what it does and doesn't help with requires both deep and broad knowledge.
Retweeted by matt blaze
People with no experience securing complex systems tend to be much more optimistic about our ability to do this.
"We must not have a projection spotlight gap!"
I'm picturing the ambassador hurriedly sending some flunky to the nearest Home Depot to buy whatever spotlights they have in stock.
The fact that BOTH the embassy and the ambassador's residence now have their own projection spotlight countermeasures lights is, frankly, hilarious.
The ambassador's residence and the embassy are two different places, by the way. The embassy is a large compound somewhat out of the way in Mount Alto on Wisconsin Ave NW. The ambassador's residence is a small complex of three mansions on 16th St NW, just north of BLM plaza.
All war is hell, and the war in Ukraine especially so, but the battle of the projection spotlights at the Russian ambassador's official DC residence may be a rare exception. twitter.com/benjaminwittes…
@notaname If you actually think I advocate solving social problems with technology as you claim, you are completely unfamiliar with my work or you're being willfully disingenuous.
Retweeted by matt blaze
The fact that you happen to have extreme and controversial views based on a poor factual foundation is only a coincidence, I'm sure.
Yes, person or thing who just created its account and has zero followers in common. You are definitely a real person interested in honest debate who deserves to be taken very seriously.
@notaname There's no reason an app has to be provided by the service provider, even with encryption. For a familiar example, see web browsers. If you'd like information on how the Internet, cryptography, standards, and computers work, I can probably suggest some books.
Retweeted by matt blaze
@notaname Nonsense. The software running on my computer may or may not have been supplied by the same or a different entity that provides services it interacts with. For example, you can interact with my web site using a browser, operating system, and computer over which I have no control.
Retweeted by matt blaze
If you want to say "We think the Internet should be even less secure than it currently is", go ahead and say that, but be prepared for people to, um, disagree. And that's what they're saying here.
This current proposal is EU-specific. But variations on this same non-workable idea keep getting shopped around internationally. There's a reason nothing has actually been adopted.
This is utterly exhausting. We keep having the same conversation over and over, and they keep hoping the basic science will magically change. Child sexual abuse material is *bad*. Everyone agrees on that. But that doesn't mean magic solutions can be made to exist.
Securing communication and data on the Internet is *hard*. That's why there are so many criminal data breaches and other spectacular security failures. End-to-end encryption is one of the few tools we have that actually works well. Please don't take it away.
Sigh. If they want to allow end-to-end encryption, as they claim, then providers *can't* access the content. That's how end-to-end encryption works. If they can, it's not end-to-end (and it's inherently more complex and less secure). twitter.com/AlecMuffett/st…
I’m unreasonably delighted by this escalation. twitter.com/benjaminwittes…
Make Borscht, Not War
"Don't carry a smartphone" is not a viable solution for many people. So understanding the potential ways in which they might harm you (especially if compromised) and the limits of various countermeasures against them is an extremely useful self-help security exercise.
For example, modern phones have a rich collection of microphones, cameras, environmental sensors, radios, memory, and processing, and are often sealed in ways that make it difficult to be sure that they're really off. What does a Faraday bag prevent? What does it NOT prevent?
It's also an interesting exercise in security assurance. Suppose your phone might be controlled by malicious software/firmware. What are the various ways it might misbehave? How might they harm you? What can you do to control them? In what ways are you still vulnerable? Etc.
But if you ARE interested in doing somewhat esoteric testing, it’s a great RF nerd project.
People asking about DIY and commercial Faraday bags, so re-upping this. Tl;dr: unless you’re equipped to do fairly esoteric testing, a good commercial bag is a much better, if somewhat pricey, choice. mattblaze.org/blog/faraday/
I know it sounds like this can’t possibly be right, but that’s usually the case with “quantum” things.
So remember: “post-quantum cryptography” has basically nothing to do with “quantum cryptography” (a different subject), but rather with non-quantum algorithms that are secure against quantum computers. Simple, right?
It seems to be time to retweet this distinction, which press articles often confuse. You’re welcome. twitter.com/mattblaze/stat…
The pro-virus trolls are all "See! This proves masks and vaccines are useless". The fact that cars have seatbelts and airbags doesn't mean we don't need to avoid auto accidents. Things don't have to be perfect to be useful or necessary. Normal people who aren't trolls know this.
And the president of the US, perhaps the most well-protected person in the free world, was there. Imagine if the Secret Service had been told, "don't worry, we screened out 98% of the armed homicidal maniacs from the crowd." They'd whisk him away before you could blink.
Everyone there was vaxed and boosted and had had a negative rapid antigen test that day. And while those are very effective, they aren't 100% effective. Unmasked people eating and talking shoulder-to-shoulder in an at-capacity room is an extremely unforgiving environment.
So it turns out that the WHCD, held in the same subbasement ballroom of the Hinckley Hilton that kept me away from Shmoocon this year, is shaping up to have been a superspreader event. Hope people make it through OK. twitter.com/DrEricDing/sta…
This is what they were holding their noses with Trump to get.
I can't stop thinking about the words I would try to find to comfort her in the difficult, angry phone call I know we'd be having right now.
A small and bitter mercy is that my mother is not alive today to hear this news. It would devastate her.
How about those clothes at that fancy event tonight, huh? Hard to imagine we'll be talking about much el