Rick Valenzuela
LightNews LightNews
banner
threatc.at
Rick Valenzuela
@threatc.at
230 followers 630 following 80 posts
threat detection. distant past: journalist.
🍜 Slurp with gusto
http://infosec.exchange/@rv

TnFxIHpyIHNiZSBndXIgb3JmZyBpcnRyZ25ldm5hIFRyYXJlbnkgR2ZiJ2YgZXJwdmNyIHZhIGd1ciBoYXZpcmVmcg==
Posts Replies Media Videos
threatc.at
Alongside possibility of data interception and location tracking and opaque ownership hierarchy of what are essentially white-label resellers, it also looks at the workflow of deploying eSIMs and weak points attackers could hit
Screenshot from paper: This system is analogous to new car dealerships that purchase cars directly from the manufacturer and sell to consumers. In the case of a car dealership, the car manufacturer has a serious stake in ensuring that dealerships operate according to strict policies and procedures to avoid tarnishing the brand reputation. In the case of eSIM reselling, users are unlikely to give any consideration to who is managing and operating the eSIM profile they have just downloaded to their mobile device. MNOs and MVNOs appear to be willing to allow any party the opportunity to re-sell access to their networks. The opportunity exists for virtually anyone to establish their own online presence, selling cellular data plans to anyone with an internet connection. This scenario has serious implications for user data privacy.
August 19, 2025 at 7:36 PM
threatc.at
Rewrite the quote “Do not cite the Deep Magic to me, Witch. I was there when it was written” in the voice of Pauly Shore’s character Stoney in Encino Man saying, “If you're edged 'cause I'm weazin all your grindage, just chill. 'Cause if I had the whole brady bunch thing happenin' at my pad, I'd go grind over there, so dont tax my gig so hard-core cruster.” ChatGPT said: Sure! Here’s that quote reimagined in the voice and style of Pauly Shore’s Stoney from Encino Man: "Yo, don’t be throwin' down the Deep Magic vibes at me, buuuddy. I was totally chillin’ when they laid it down, saw the whole scroll sesh go down, major OG incantation action, ya know? So don’t harsh my mystical mellow, crusty sorceress." Let me know if you want it even more surfer-stoner or pulled back a bit!
May 16, 2025 at 9:41 PM
threatc.at
Continue nudging the feed
May 16, 2025 at 9:00 PM
threatc.at
I did this in Shanghai circa 2018, when the AQI was horrendous (second pic). Above 100 was common, and an occasional spike above 400. Airnow.gov has Barnegat at 63 and forecast for 100
Chart describing Air Quality Index (AQI) values. Read the whole thing at https://www.lung.org/clean-air/outdoors/air-quality-index Heat map chart of AQI in Shanghai, showing 19 days at 100 or more in January 2018.
April 24, 2025 at 5:26 PM
threatc.at
Lotta talk now about burner phones (and nerds saying what isn't). You don't need to go super cloak and dagger for decent risk reduction. But if you want to, listen to @eanmeyer.bsky.social and @strandjs.bsky.social from @bhinfosecurity.bsky.social

www.youtube.com/playlist?lis...
Excerpt: If you can get a separate phone, you maywant to run that stripped down to essentials, with a minimal contact list and only necessary communication apps, potentially with separate accounts. This isn't a burner phone; if you think you need to go to that level, you'll have to actively do a lot more planning and care for the steps you take. Watch a 3-part series from Black Hills Information Security titled "How to Live like a Criminal - Privacy Tips for the Non-Criminal". It covers a lot more ground on planning to purchase and activate a bumer and the risks to safely maintain it, as well as awareness of how much information on you from data brokers would be available — whether to law enforcement, other investigators, or criminals.
March 25, 2025 at 4:15 PM
threatc.at
One of the risk profiles is protesters. For them, and for more users and reasons, iPhone users should turn on Lockdown Mode. In this context, it's about IMSI catchers, which intercept calls. @eff.org just released a tool for this, and it's worth reading about, and using
www.eff.org/deeplinks/20...
Excerpt: Protester If you're going to attend a protest and feel uncertain about your communications, the most basic thing you could do is leave your phone at home, or turn it off completely while at the protest site. Make sure that you have a good passcode set to unlock your phone or laptop, as fingerprints or FacelD can be bypassed easily by force or coercion. Disable unlocking by fingerprint or facial recognition. If you have an iPhone, also consider turning on Lockdown Mode. This would disable 2G, an older form of cellular connection, which is commonly used as a fallback. Android users can explicitly disable 2G in settings too. These connections aren't encrypted and are susceptible to interception, such as from IMSI-catchers, sometimes called by a brand name Stingray.
March 25, 2025 at 4:15 PM
threatc.at
Spoiler: One of the 5 things is using MFA. It's been a decade since learning this one thing could've prevented John Podesta from losing control of his Gmail. @danielmiessler.bsky.social wrote a great breakdown of options, so this section doesn't reinvent the wheel
danielmiessler.com/blog/not-all...
Multifactor Authentication Again, any is better than none, but here the differences are significant. The simplest of these are getting codes sent by email, phone call or text message. A level up rould be using an app that generates codes. Another level up is an app that prompts /ou to accept or deny the login, and the highest security would come from a physical object, whether that's a piece of hardware in a USB key or from the built-in security chip that's made for this embedded in your phone or computer. A great chart and rundown of these are written in this blog post by security researcher Daniel Miessler.
March 25, 2025 at 4:15 PM
threatc.at
The common cyber cliche is about not being faster than a bear, but outrunning the other potential victim. The drier cliche truth is that security is a process. Don't stress over loose ends and TODOs, just come back regularly and eventually do them
Excerpt: Apart from methods and measures, the one essential lesson about protecting yourself digitally is that security is a process. You don't have to get to everything in one go. Once you have a list of the things you need to do, make a plan and knock off those tasks on a schedule. Keep coming back to it. Corporate and enterprise security people often tout an adapted Pareto Principle to discuss the priority security measures: 20 percent of control mechanisms will thwart 80 percent of attacks.
March 25, 2025 at 4:15 PM
threatc.at
Seriously, it works from phone?

Ugh. Well, if anyone who engaged on that thread sees this, I appreciated it
March 25, 2025 at 4:03 PM
threatc.at
Not me trying to upload pics from my phone to see if they also show up glitched like the thread I just worked on from laptop
March 25, 2025 at 4:00 PM
threatc.at
The ICC either has massive operational hurdles, or a hell of a business continuity plan. When Trump sanctioned the ICC, the Guardian reported internal worries about their reliance on Microsoft Azure and that suspending access would "paralyse its investigations"

www.theguardian.com/law/2025/jan...
Screenshot from linked Guardian article, with photo of ICC chief prosecutor Karim Khan and this excerpt from the article: One key concern to have emerged in recent months is the ICC’s reliance on Microsoft which has deepened in recent years after chief prosecutor Karim Khan formed a partnership with the company to overhaul the court’s systems. Multiple sources in the prosecutor’s office said Microsoft’s Azure cloud platform is critical to its operations and suspending access would paralyse its investigations. “We essentially store all of our evidence in the cloud,” one said.
March 11, 2025 at 2:11 PM
threatc.at
Nice one, Access Now
February 14, 2025 at 2:32 PM
threatc.at
well damn. aquafaba works great

chocolate chip banana bread, sans eggs
loaf of chocolate chip banana bread, with a slice cut, sitting on a cutting board
February 13, 2025 at 4:28 PM
threatc.at
Petitioning Google and NOAA to do the right thing and rename this instead
February 12, 2025 at 9:04 PM
threatc.at
Google caved, but NOAA Weather Radio is still holding strong with Gulf of Mexico
February 11, 2025 at 10:10 PM
threatc.at
Succinctly put
January 22, 2025 at 12:25 AM
threatc.at
Shortly after moving to Miami I joined a printmaking studio, just when hurricanes Helene and Milton were coming to Florida. So I got a new radio with weather band and made these shirts, a callback to the 90s ones about Black Sabbath, Slayer, Bob Marley. Wasn't meant to be political, but here we are
A pile of four black T-shirts with white, all-caps text in a plain sans serif that says “Listen to NOAA”. In front is a yellow portable radio, the XHDATA model D-608WB, set to 162.550 megahertz on the weather band. In the background is a pile of heather gray shirts.
December 2, 2024 at 7:56 PM
threatc.at
Went straight from attending Cyberwarcon virtually to seeing Amy Tan at the Miami Book Fair talking about her new book, THE BACKYARD BIRD CHRONICLES. Since she’s starting off with her birding beginnings and a blue jay, here’s one from our apartment in Cambridge last year
November 22, 2024 at 11:42 PM
threatc.at
An oldie but goodie from this weeks' Hacks/Hackers newsletter. Love to roll my eyes at this mixup, but also kinda love it

Remember when CNN rang in the new year from Bangkok, Taiwan?
Screenshot excerpt from the Hacks/Hackers newsletter, the section titled Upcoming Events. Reason for posting is the last line, for RightsCon in "Taipei, Thailand". Full text autogenerated: Upcoming Events « Nov 7-8, San Jose, US, Public Interest Technology University Network Summit « Nov 13-14, Boston, US, OpenForum Academy Symposium « Feb 3-7, Online, US, National News Literacy Week « Feb 24-27, Taipei, Thailand, RightsCon
October 31, 2024 at 2:32 PM
threatc.at
January 21, 2024 at 1:05 AM