Rick Valenzuela
@threatc.at
threat detection. distant past: journalist.
🍜 Slurp with gusto
http://infosec.exchange/@rv
TnFxIHpyIHNiZSBndXIgb3JmZyBpcnRyZ25ldm5hIFRyYXJlbnkgR2ZiJ2YgZXJwdmNyIHZhIGd1ciBoYXZpcmVmcg==
🍜 Slurp with gusto
http://infosec.exchange/@rv
TnFxIHpyIHNiZSBndXIgb3JmZyBpcnRyZ25ldm5hIFRyYXJlbnkgR2ZiJ2YgZXJwdmNyIHZhIGd1ciBoYXZpcmVmcg==
New security risk unlocked, eSIMs edition, and especially the kind you pick up prepping for an international trip
www.itnews.com.au/news/travel-...
www.itnews.com.au/news/travel-...
Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study
Convenient tech brings big bundle of security and privacy risks.
www.itnews.com.au
August 19, 2025 at 7:36 PM
New security risk unlocked, eSIMs edition, and especially the kind you pick up prepping for an international trip
www.itnews.com.au/news/travel-...
www.itnews.com.au/news/travel-...
Photo- and videojournalists now have until Aug 8 to brush up on Filezilla or Cyberduck, or ask an old head
wetransfer.com/explore/lega...
wetransfer.com/explore/lega...
July 15, 2025 at 2:05 PM
Photo- and videojournalists now have until Aug 8 to brush up on Filezilla or Cyberduck, or ask an old head
wetransfer.com/explore/lega...
wetransfer.com/explore/lega...
Android users now have an analog to iPhone's Lockdown Mode, so now basically everyone can opt in to a more secure phone/tablet. It's part of Google's Advanced Protection Program, which if you use Gmail and work/move in a space where you're more likely to be targeted, is a great thing to enroll in
Advanced Protection: Google’s Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing com...
security.googleblog.com
May 16, 2025 at 3:19 PM
Android users now have an analog to iPhone's Lockdown Mode, so now basically everyone can opt in to a more secure phone/tablet. It's part of Google's Advanced Protection Program, which if you use Gmail and work/move in a space where you're more likely to be targeted, is a great thing to enroll in
Reposted by Rick Valenzuela
I've been traveling so forgive me for not posting this yesterday, but: That Signal clone app for archiving messages that Mike Waltz has been using, TeleMessage? It's unlicensed. Signal was unaware of its existence until they saw it in that Reuters photo. There's no known security vetting.
Photo appears to show Mike Waltz using Signal-like app that can archive messages
More than a month after he drew criticism for using Signal to discuss an impending military attack, Waltz was seen using what appears to be a different messaging app to message others in the Trump adm...
www.nbcnews.com
May 3, 2025 at 3:56 PM
I've been traveling so forgive me for not posting this yesterday, but: That Signal clone app for archiving messages that Mike Waltz has been using, TeleMessage? It's unlicensed. Signal was unaware of its existence until they saw it in that Reuters photo. There's no known security vetting.
Reposted by Rick Valenzuela
Great account of what networked incitement looks like in the year 2025. Kudos to @nedmparker1.bsky.social, @mikespector.bsky.social, @bypetereisler.bsky.social, @lindasoreports.bsky.social & @nateraymond.bsky.social
These judges ruled against Trump. Then their families came under attack.
As federal judges rule against the Trump administration in dozens of politically charged cases, the families of at least 11 of the jurists have been targeted with threats and harassment. The intimidation campaign has strained judges and their relatives – and legal scholars fear it could have a chilling effect on the judiciary.
www.reuters.com
May 2, 2025 at 9:35 PM
Great account of what networked incitement looks like in the year 2025. Kudos to @nedmparker1.bsky.social, @mikespector.bsky.social, @bypetereisler.bsky.social, @lindasoreports.bsky.social & @nateraymond.bsky.social
For my NJ people who would want to know this, really good air filters don't have to be expensive. Literally talking ~$30. In front of a strong fan, stack an activated carbon filter on top of a HEPA filter and that will screen out both the things you want, volatile organic compounds (VOCs) and PM2.5
How to Make a DIY Air Purifier for Your Home – Smart AirFacebook social iconTwitter social iconInstagram social iconLinkedIn social iconYouTube social icon
5 Simple Steps to make a homemade DIY air purifier to reduce air pollution and viruses in your home--plus actual test data showing the DIY filter works.
smartairfilters.com
April 24, 2025 at 5:26 PM
For my NJ people who would want to know this, really good air filters don't have to be expensive. Literally talking ~$30. In front of a strong fan, stack an activated carbon filter on top of a HEPA filter and that will screen out both the things you want, volatile organic compounds (VOCs) and PM2.5
Reposted by Rick Valenzuela
The U.S. IC (at least the leadership)
April 1, 2025 at 7:53 PM
The U.S. IC (at least the leadership)
ICYMI last week, reupping a digital security tip sheet I helped write with @bostonjoan.bsky.social. More than a few new ones have dropped since January -- the main goal of this one is to give you 5 things you can do to minimally but meaningfully raise your security
📢 NEW: Our introductory tip sheet on digital security for journalists & civil servants working under pressure. 📢
Co-authors @bostonjoan.bsky.social & @threatc.at offer 📌 five basic steps 📌 for truth-telling practitioners to protect their work & their communities www.criticalinternet.org/research
Co-authors @bostonjoan.bsky.social & @threatc.at offer 📌 five basic steps 📌 for truth-telling practitioners to protect their work & their communities www.criticalinternet.org/research
Research — The Critical Internet Studies Institute
www.criticalinternet.org
March 25, 2025 at 4:15 PM
ICYMI last week, reupping a digital security tip sheet I helped write with @bostonjoan.bsky.social. More than a few new ones have dropped since January -- the main goal of this one is to give you 5 things you can do to minimally but meaningfully raise your security
Not me trying to upload pics from my phone to see if they also show up glitched like the thread I just worked on from laptop
March 25, 2025 at 4:00 PM
Not me trying to upload pics from my phone to see if they also show up glitched like the thread I just worked on from laptop
Reposted by Rick Valenzuela
📢 NEW: Our introductory tip sheet on digital security for journalists & civil servants working under pressure. 📢
Co-authors @bostonjoan.bsky.social & @threatc.at offer 📌 five basic steps 📌 for truth-telling practitioners to protect their work & their communities www.criticalinternet.org/research
Co-authors @bostonjoan.bsky.social & @threatc.at offer 📌 five basic steps 📌 for truth-telling practitioners to protect their work & their communities www.criticalinternet.org/research
Research — The Critical Internet Studies Institute
www.criticalinternet.org
March 19, 2025 at 3:15 PM
📢 NEW: Our introductory tip sheet on digital security for journalists & civil servants working under pressure. 📢
Co-authors @bostonjoan.bsky.social & @threatc.at offer 📌 five basic steps 📌 for truth-telling practitioners to protect their work & their communities www.criticalinternet.org/research
Co-authors @bostonjoan.bsky.social & @threatc.at offer 📌 five basic steps 📌 for truth-telling practitioners to protect their work & their communities www.criticalinternet.org/research
Reposted by Rick Valenzuela
The ICC either has massive operational hurdles, or a hell of a business continuity plan. When Trump sanctioned the ICC, the Guardian reported internal worries about their reliance on Microsoft Azure and that suspending access would "paralyse its investigations"
www.theguardian.com/law/2025/jan...
www.theguardian.com/law/2025/jan...
March 11, 2025 at 2:11 PM
The ICC either has massive operational hurdles, or a hell of a business continuity plan. When Trump sanctioned the ICC, the Guardian reported internal worries about their reliance on Microsoft Azure and that suspending access would "paralyse its investigations"
www.theguardian.com/law/2025/jan...
www.theguardian.com/law/2025/jan...
In other not-good news, standing down Cyber Command planning on Russia isn’t only bad for Ukraine, but also elections and fighting crime. It worked on election interference (and there’s a bunch of European elections coming up) and Defend Forward took down TrickBot
therecord.media/hegseth-orde...
therecord.media/hegseth-orde...
Exclusive: Hegseth orders Cyber Command to stand down on Russia planning
The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.
therecord.media
February 28, 2025 at 8:58 PM
In other not-good news, standing down Cyber Command planning on Russia isn’t only bad for Ukraine, but also elections and fighting crime. It worked on election interference (and there’s a bunch of European elections coming up) and Defend Forward took down TrickBot
therecord.media/hegseth-orde...
therecord.media/hegseth-orde...
Reposted by Rick Valenzuela
Technology is inherently political. Anyone who says otherwise is either being disingenuous or is ignorant of history.
a rainbow with the words " be more you know " and a star
ALT: a rainbow with the words " be more you know " and a star
media.tenor.com
February 26, 2025 at 5:51 PM
Technology is inherently political. Anyone who says otherwise is either being disingenuous or is ignorant of history.
Reposted by Rick Valenzuela
Three online "news" stories published this week that include quotes from me that I didn't say. But I didn't do interviews and get misquoted. And they're not written by actual journalists.
My best guess is there are massive amounts of AI slop getting posted as news and now I'm part of it. 😬
My best guess is there are massive amounts of AI slop getting posted as news and now I'm part of it. 😬
February 21, 2025 at 12:28 PM
Three online "news" stories published this week that include quotes from me that I didn't say. But I didn't do interviews and get misquoted. And they're not written by actual journalists.
My best guess is there are massive amounts of AI slop getting posted as news and now I'm part of it. 😬
My best guess is there are massive amounts of AI slop getting posted as news and now I'm part of it. 😬
Reposted by Rick Valenzuela
Second round of layoffs at the Cybersecurity and Infrastructure Security Agency definitely happening now. I've heard from at least two laid-off employees tonight.
February 20, 2025 at 2:02 AM
Second round of layoffs at the Cybersecurity and Infrastructure Security Agency definitely happening now. I've heard from at least two laid-off employees tonight.
well damn. aquafaba works great
chocolate chip banana bread, sans eggs
chocolate chip banana bread, sans eggs
February 13, 2025 at 4:28 PM
well damn. aquafaba works great
chocolate chip banana bread, sans eggs
chocolate chip banana bread, sans eggs
Reposted by Rick Valenzuela
The "large scale social deception" contract Musk is conspiracizing about was:
* first awarded under Trump
* paid to Reuters' data division, not the newsroom
* for researching *defenses* against deception
* not revealed by "DOGE investigations" and was a public record, visible online for many years
* first awarded under Trump
* paid to Reuters' data division, not the newsroom
* for researching *defenses* against deception
* not revealed by "DOGE investigations" and was a public record, visible online for many years
February 13, 2025 at 3:34 PM
The "large scale social deception" contract Musk is conspiracizing about was:
* first awarded under Trump
* paid to Reuters' data division, not the newsroom
* for researching *defenses* against deception
* not revealed by "DOGE investigations" and was a public record, visible online for many years
* first awarded under Trump
* paid to Reuters' data division, not the newsroom
* for researching *defenses* against deception
* not revealed by "DOGE investigations" and was a public record, visible online for many years
Bruce Schneier and Davi Ottenheimer lay out in clear, concise terms how DOGE is opening up the government and the country to threats. Cybersecurity can sound exciting, but a lot of it is sober, established policy and process. It's a good read.
foreignpolicy.com/2025/02/11/d...
foreignpolicy.com/2025/02/11/d...
DOGE Is Hacking America
The U.S. government has experienced what may be the most consequential security breach in its history.
foreignpolicy.com
February 12, 2025 at 9:01 PM
Bruce Schneier and Davi Ottenheimer lay out in clear, concise terms how DOGE is opening up the government and the country to threats. Cybersecurity can sound exciting, but a lot of it is sober, established policy and process. It's a good read.
foreignpolicy.com/2025/02/11/d...
foreignpolicy.com/2025/02/11/d...
Reposted by Rick Valenzuela
I have the common bad habit of leaving lots of tabs open. A few days ago I opened the CISA Resources and Tools guide and searched for the topic "Foreign Influence Operations and Disinformation." I was sort of surprised to find 4-5 links. I went back this afternoon to follow them. The page is blank.
Resources | CISA
www.cisa.gov
February 11, 2025 at 11:02 PM
I have the common bad habit of leaving lots of tabs open. A few days ago I opened the CISA Resources and Tools guide and searched for the topic "Foreign Influence Operations and Disinformation." I was sort of surprised to find 4-5 links. I went back this afternoon to follow them. The page is blank.
Google caved, but NOAA Weather Radio is still holding strong with Gulf of Mexico
February 11, 2025 at 10:10 PM
Google caved, but NOAA Weather Radio is still holding strong with Gulf of Mexico
Reposted by Rick Valenzuela
We now know that Paragon spyware victims include one activist in Sweden; one activist and one journalist in Italy. I suspect this is just the tip of the iceberg. techcrunch.com/2025/02/05/p...
February 6, 2025 at 11:29 AM
We now know that Paragon spyware victims include one activist in Sweden; one activist and one journalist in Italy. I suspect this is just the tip of the iceberg. techcrunch.com/2025/02/05/p...
Reposted by Rick Valenzuela
There's a current fetish for publishing primary source documents rather than having a reporter describe them, and I totally get it. But remember Reality Winner was caught almost immediately because the Intercept published what she printed out, unaware the NSA printer left an imperceptible watermark.
Any company or organization can use what's called a "canary trap" to try to ID leakers. Reporters - you can always just transcribe, describe or quote source materials like emails, memos, etc. if you're not sure if you'd reveal a source by showing a complete image of something leaked to you.
February 3, 2025 at 11:31 PM
There's a current fetish for publishing primary source documents rather than having a reporter describe them, and I totally get it. But remember Reality Winner was caught almost immediately because the Intercept published what she printed out, unaware the NSA printer left an imperceptible watermark.