Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & Co-chair UK Gov Cyber Security Advisory Board

Joined April 2008
Daniel Cuthbert retweeted
Replying to @dcuthbert @4Dgifts
as far as the OpenBSD crypto part is concerned, I was there. I quite remember the EXP ciphers in netscape and friends, and the way OpenBSD was packaged back then. It didn't shy on the crypto, but RSA's patent was still valid at the time, so you got a libcrypto/libssl...
Daniel Cuthbert retweeted
Fable isn't the first. In 1999 the department of defense blocked exports of the PowerMac G4 for crossing the 1 gigaflop threshold. Steve Jobs turned it into an ad.
Wat ya in for fam? Sent a tweet at 2113…..
🚨 NEW: Keir Starmer will introduce nightly social media curfews for 16 and 17-year-olds as part of the Government's social media ban [@thetimes]
Daniel Cuthbert retweeted
When this dumbass law was made, Debian responded by setting up a repository just for software affected by it, which would only be available on non-US servers, but still accessible worldwide. The "munitions" had already been exported of course, so it was pretty much useless.
In the 1990s, the US government classified 128-bit SSL encryption as a "munition" under ITAR, putting it in the same legal bucket as missiles and tanks. As a result, Netscape and Microsoft had to develop two entirely separate versions of their web browsers:
Well this aged well....
Jun 12
Claude Fable 5 has been out for a couple of days. Some projects people have already built with it:
In the 1990s, the US government classified 128-bit SSL encryption as a "munition" under ITAR, putting it in the same legal bucket as missiles and tanks. As a result, Netscape and Microsoft had to develop two entirely separate versions of their web browsers:
The Domestic Edition (US & Canada): Full, secure 128-bit encryption. The International Edition (Rest of the World): Had its cryptographic legs intentionally broken. The symmetric key length was artificially capped at a measly 40 bits
How history repeats itself in this industry is funny. From the crypto wars to the AI wars....
Daniel Cuthbert retweeted
I had a lot of Fable tokens to use up before my weekly reset, so I made this live 3D map of London with Three.js. Every train, bus, boat and plane is real and live right now!
- Tube, bus and riverboat data from TfL
- National Rail trains from Darwin live departure boards
- ADS-B for planes and helicopters
- AIS feed for boats and ships
- Map data from Overture and OpenStreetMap
Trains and buses have no GPS feed, so their positions are inferred from arrival countdowns and departure boards, then animated along the track/route geometry
Daniel Cuthbert retweeted
npm finally killed postinstall and preinstall scripts, THANK GOD, so I wrote an obituary for npm's worst feature which will finally die in v12
Daniel Cuthbert retweeted
NEW: malware developers added nuclear & biological weapons text to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
Sorry, not sorry. GOBBLES4LYFE That was fun to do
Apple trust and safety: get your kids addicted early and you’ve got a customer for life Trust us. They need an iPhone now.
Daniel Cuthbert retweeted
Personal update: I’ve decided to leave OpenAI. Not that I ever worked there. But it just looks like everyone else is doing it, so I thought I'd hop on the bandwagon. In other news, I've decided to join @AnthropicAI to work on AGI for the benefit of Claude. I don't think they realize that I've decided to join, and to be honest, I don't think my decision carries much weight with them, since I wasn't offered a job there. But the decision stands.
Ideally reading it whilst not behind a paywall would be better, so one can work out how much of this is clicks
A hidden spy camera was just discovered inside a ceiling panel at the absolute heart of the UK government, and intelligence agencies have no idea who is watching. The device was found inside the heavily guarded Whitehall building housing the Home Office and the Ministry of Housing, Communities and Local Government. Security officials are scrambling to figure out how a hostile actor bypassed elite checkpoints to plant the camera, how long it has been recording, and exactly what high-level state secrets have been covertly streamed out of the building. The timing of this catastrophic breach is terrifying. This exact Whitehall hub was the operational command center where civil servants handled the fiercely contested, fast-tracked approval of China’s new London mega-embassy earlier this year. That massive diplomatic compound, set to be Europe's largest, was pushed through by ministers despite explicit warnings from security experts that the site sits directly over critical fiber-optic cables carrying vital financial and government data. The reality that a covert camera was active in the very offices managing this geopolitical flashpoint raises immediate fears of a successful, high-level foreign intelligence operation. This breach completely shreds the illusion of Whitehall’s physical security. For a physical spy camera to be hardwired into a ceiling, the perpetrator either possessed an insider security pass or exploited a massive blind spot in maintenance vetting and routine electronic bug sweeps. With a high-stakes judicial review of the Chinese embassy decision looming, MI5 is left racing against the clock to assess the damage to a domestic security hub that has been thoroughly compromised from the inside out. #Whitehall #Espionage #NationalSecurity #UKPolitics #HomeOffice #ChinaEmbassy #MI5 #SecurityBreach inews.co.uk/news/politics/se…
Daniel Cuthbert retweeted
Cybersecurity is a broken industry. We rely on products that were designed to be sold, not used. And the incentives are completely screwed up. I made this video about all of the ways things are bad, how we accidentally make it worse, and why new technology won't fix it.
When @watchesofespion not only does a piece on covert spy watches but then also drops 0hdayz into the mix too youtu.be/8K5GtdWM5kA?si=p9zY… Just ticking all me boxes now, thanks