Nostr notes by Andrew 🌻 Brandt 🐇

🎉 Right to repair is preserved! 🎉 A house committee in the ...

2026-04-28T02:41:25Z

🎉 Right to repair is preserved! 🎉

A house committee in the Colorado legislature voted 7 to 4 to "postpone indefinitely" the SB26-090 bill that would have rolled back the hard-fought right, had it passed.

A coalition of experts from around the state, the country, and the world testified that the vague definition of "critical infrastructure" left open the possibility that manufacturers could have classified virtually any tech product under that category, which would then have exempted it from R2R unless the attorney general weighed in.

I'm so grateful to everyone who jumped in with almost no advance notice, and testified forcefully that the bill was bad and the arguments underpinning the bill's rationale were complete bullshit.

We won a victory, folks. Against huge industry lobbying efforts, we won the day. Activism mattered and made a difference tonight!

#RightToRepair #COpolitics #cybersecurity #ElectMoreHackers

Hi folks. It's Andrew with another update on our battle over ...

2026-04-27T15:48:35Z

Hi folks. It's Andrew with another update on our battle over the "wrong to repair" bill that continues to move through the Colorado legislature, SB26-090.

I am asking anyone, but especially those with a background as a cybersecurity practitioner, to please consider submitting written or live/virtual testimony TODAY to the committee who will be hearing this bill, starting at 1:30pm mountain time.

This afternoon, in a little under four hours, a House committee will be hearing testimony on the bill. If you have been waiting for your moment, this might be the last chance you have this session to weigh in and express your support for this critical right we may lose in the next few days.

Opponents of Colorado's right to repair law, which only came into effect on January 1, include companies like IBM and Cisco Systems. They are making outrageous and counterfactual claims about the right to repair in order to pressure lawmakers into accepting this bill that would exclude any technology classified as "critical infrastructure" as exempt from the right to repair law.

One of the most egregiously wrong claims they have repeatedly made is that a "right to repair" items like a firewall somehow makes the products Cisco and IBM sell less safe from a cybersecurity perspective. After the committee hearing last month, I spoke in the hallway with the government affairs person from Cisco. I asked him to explain it to me, a cybersecurity professional, why being able to fix a broken firewall presents a cybersecurity risk.

He could not explain it, simply repeating that giving people access to internal schematics in order to let them repair parts in a network edge device somehow presents a risk that adversaries would then be able to more easily reverse-engineer the product.

The cybersecurity folks know where this is leading: They are claiming that the obscurity of their documentation about their products *is* the cybersecurity feature that protects them from attack.

Those of us who are practitioners in this space know that obscurity provides *no security whatsoever* in the long term, and that giving people the ability to replace broken parts, like power supplies, does not threaten the cybersecurity of a router or firewall any more than replacing a power cord.

After all, data centers have tight security about who is allowed in or out, and engage with cyber- and physical pentesters to routinely check the security of their facilities.

The reality is that the west's biggest adversary, China, already has every model of every firewall on earth in its possession, and has thrown brigades of bodies at them to perform the reverse engineering Cisco claims they want to prevent. That cat is out of the bag. This bill will not provide any cybersecurity protection to any Cisco firewall.

As I said to the Cisco lobbyist, if an adversary already has physical access to the device, it's game over. Adversaries don't swap out broken hard drives or power supplies.

Beyond that specious argument, there is a secondary problem with the bill: It never defines with any necessary level of detail what comprises "critical infrastructure" - which means that, if a regular, commercial TV set you can buy at Costco is being used as a monitor in a SOC, it's possible that those commercial products will end up lumped into the category of "critical infrastructure."

We all know that what makes electronic infrastructure critical is not what it *is* - phones, laptops, desktops, printers, scanners, even desk lamps - but how and where, and for what purpose it is *used*

What this bill appears to be about, and why Cisco and IBM are fighting to advance it so hard, is that it enables the rent-seeking behavior of companies who want to lock their customers in to expensive annual support contracts, and lock third-party support companies out of the equation. That's literally all this is, a way to defend an ongoing revenue stream. Any arguments other than that make no sense.

If you can, please consider testifying in person: The lobbyists have seemingly infinite time and access to these legislators, and have been steamrolling the entire process through, using ridiculous lies and arguments that make no sense to anyone with background as a practitioner.

we want to focus on three core messages:<li>This bill is ridiculously broad and would sweep up most IT equipment, limiting repair options for everyone from Fortune 500 companies to small mom-and-pop businesses, schools, hospitals, libraries, universities, local governments, law enforcement agencies and more.</li><li>It is a false premise to claim that repair tools are a security risk and limiting those tools to the manufacturer's repairers is safer.</li><li>This bill allows manufacturers to lock out repair competition and monopolize repair for their products </li><li>that drives up costs, reduces quality and can undermine the secondary market.</li>

If you can share your personal background and experience and speak to how limiting access to repair tools will not make products safer would be great. You don't need to be a Colorado resident, or even based in the US.

Here's how you do it:
sign up to testify here: https://sites.coleg.gov/public-testimony/sign-up-to-testify/step-1<li>; Search for SB26-090</li><li> Select the bill when it pops up</li><li> Fill in your details including whether you are testifying in-person or remotely. Please select "Oppose" for your position. </li><li> Enter your information</li><li> Show up and, when called, give your two (or three, depending on how many/few sign up) minutes of testimony, and be prepared to answer questions</li>

The people pushing this bill are counting on the fact that this is happening in the middle of a workday, when we're all trying to wreck hackers. But this is a case where we, as a community, need to stand up for what's right. Not doing so will make all of our jobs harder in the future. I hope to see you there.

#COpolitics #RightToRepair #activism #hackers #cybersecurity #cybersicherheit #cyberseguridad

RE: https://infosec.exchange/@threatresearch/116387050505018174 ...

2026-04-15T15:27:02Z

RE: https://infosec.exchange/@threatresearch/116387050505018174

Current update on SB26-090 (Colorado's misguided "wrong to repair" bill):

After spending a bunch of the senate session on Tuesday in debate over a bunch of amendments, the bill is tentatively on the calendar for tomorrow, again, to have its third reading in the senate.

Please keep up the pressure - Coloradans and the rest of the country rely on being able to fix broken things in order to protect them from cyberattack. The repair is not the problem here.

https://leg.colorado.gov/agenda/floor/202604162

https://leg.colorado.gov/bills/sb26-090

#COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

quoting
note12fn…0aa7

🚨 Current update on the Colorado bill (SB26-090) that would rescind "right to repair" for "critical infrastructure" 🚨

Please share widely.

The bill is currently scheduled for "third reading (final passage)" in the Colorado senate for Monday, April 13, first thing in the morning. If you have delayed until now doing something, this is your moment to act. You do not need to be a Colorado, or even a US resident, to speak up!

https://leg.colorado.gov/agenda/floor/202604132

Paul Roberts (secure-resilient.org) is putting together a list of people willing to be signatories to a letter opposing this bill. Please reach out to him if you want to sign on to that letter.

Wayne Seltzer, who runs the Boulder U-fix-it Clinic, shared a link to this petition/letter to legislators: https://actionnetwork.org/letters/support-your-right-to-repair-in-colorado

Danny Katz of CO PIRG is running a petition drive to send messages to the legislature. Petition link: https://pirg.org/colorado/take-action/tell-your-senator-protect-colorados-right-to-repair-law/

Finally, and this is important, rep. Brianna Titone (the author of the original 2024 right to repair bill) informed me that some of the advocates for right to repair who have been writing to legislators have been threatening or offensive in their language they used in their messages. This is unhelpful and will not persuade lawmakers to change their minds, so please try to encourage others to remember that these legislators -- who are on the fence -- can be persuaded, and are not (necessarily) inherently evil or corrupt, and just lack understanding.Talk/write to them with that frame of mind.

Thank you!

https://leg.colorado.gov/bills/SB26-090

#COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

🚨 Current update on the Colorado bill (SB26-090) that would ...

2026-04-11T16:37:33Z

🚨 Current update on the Colorado bill (SB26-090) that would rescind "right to repair" for "critical infrastructure" 🚨

Please share widely.

The bill is currently scheduled for "third reading (final passage)" in the Colorado senate for Monday, April 13, first thing in the morning. If you have delayed until now doing something, this is your moment to act. You do not need to be a Colorado, or even a US resident, to speak up!

https://leg.colorado.gov/agenda/floor/202604132

Paul Roberts (secure-resilient.org) is putting together a list of people willing to be signatories to a letter opposing this bill. Please reach out to him if you want to sign on to that letter.

Wayne Seltzer, who runs the Boulder U-fix-it Clinic, shared a link to this petition/letter to legislators: https://actionnetwork.org/letters/support-your-right-to-repair-in-colorado

Danny Katz of CO PIRG is running a petition drive to send messages to the legislature. Petition link: https://pirg.org/colorado/take-action/tell-your-senator-protect-colorados-right-to-repair-law/

Finally, and this is important, rep. Brianna Titone (the author of the original 2024 right to repair bill) informed me that some of the advocates for right to repair who have been writing to legislators have been threatening or offensive in their language they used in their messages. This is unhelpful and will not persuade lawmakers to change their minds, so please try to encourage others to remember that these legislators -- who are on the fence -- can be persuaded, and are not (necessarily) inherently evil or corrupt, and just lack understanding.Talk/write to them with that frame of mind.

Thank you!

https://leg.colorado.gov/bills/SB26-090

#COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

It has been a busy winter so far for me, which is why I ...

2026-04-06T18:33:25Z

It has been a busy winter so far for me, which is why I haven't been posting a lot here. But today I'm proud to share with you the fruits of some of that labor: The Colorado Democratic Party's platform for 2026. For those unfamiliar, a platform (in the US) is a statement of values that a political party stands for, generally agreed upon by people who stand for election as representatives of the party.

I was elected during last year's party re-org to the Platform Committee. The chair of the committee asked if I would run the subcommittees for two of the "planks" (sections) of the platform: the Democracy section, and the New Tech & AI section. It was an honor to work on both.

I'm going to share screenshots from the New Tech & AI plank because it's relevant to the work I do here, and I think a lot of people might be interested to see this statement of values. This plank is brand new, never before covered in prior Platform documents.

I'm also pleased to report that the whole of the Platform Committee and the roughly 1500 delegates to last weekend's statewide party Assembly voted to approve this as-is, with no additional changes, on a vote of 98.9% in favor.

There's a lot to like, but my favorite aspect of this is that I managed to get widespread approval for use of the term #enshittification in the official platform, both from the Platform committee and the larger party leadership. Thanks Cory Doctorow (npub1fdr…lvhs) for the inspiration. (I believe this is the first time the term has been used in any official political party platform ever.)

The full platform is readable at https://www.coloradodems.org/platform

#AI #datasovereignty #privacy #infosec #techequity #R2R #RightToRepair #politics #COpolitics #Boulder #Colorado #Democracy #democrats

I am at the Colorado capitol today to testify against a new bill, ...

2026-04-02T16:13:10Z

I am at the Colorado capitol today to testify against a new bill, SB26-090, that would carve out a broad and unnecessary exemption to our groundbreaking right to repair law that would effectively remove the right to repair for large categories of technologies.

The bill is going to be heard in committee today "upon adjournment" of the senate. If you have the ability to testify online or in writing against this bill, I would encourage you to do so as soon as possible.

Background: https://www.ifixit.com/News/116447/a-new-colorado-bill-could-blow-a-hole-in-the-nations-strongest-right-to-repair-lawhe-nations-strongest-right-to-repair-law

Testimony signup link: https://sites.coleg.gov/public-testimony/sign-up-to-testify/step-1

Current day status board: https://www.leg.state.co.us/public/display.nsf/index.html

Bill details: https://leg.colorado.gov/bills/SB26-090

A remarkable outcome for a large group of local Colorado ...

2025-12-11T03:08:34Z

A remarkable outcome for a large group of local Colorado activists last night. In Longmont, a Denver suburb northeast of Boulder, more than 50 people testified last night to city council (and more than 90 people came to the council meeting) about their pending renewal of a contract with Flock, the ALPR company that has been under fire for its surveillance capitalism. DeFlock Longmont, the group that organized the public comment scrum, won a victory when city council voted not to renew the contract at the end of the hours-long meeting.

Public comment was at times serious and other times silly, but unanimous in opposition to the city renewing their contract. Public safety officials, including the chief of Longmont Police, testified after the public comment period that the Flock cameras had been instrumental in stopping a number of dangerous incidents and arresting people who committed violent crimes.

I hope you're following this, 404 Media (npub1psa…j5uh) because we are not going to stop with just this one city.

Read the story here:

https://yellowscene.com/2025/12/10/longmont-residents-win-fight-against-ai-surveillance/

Watch the video:

https://www.youtube.com/watch?v=CFj3UlteWHE

#COpolitics #Colorado #Longmont #Flock #ALPR #resistance

Links to a fresh set of "road toll" scam websites was ...

2025-12-04T00:14:15Z

Links to a fresh set of "road toll" scam websites was pushed out by SMS today, targeting people with mobile phones in #Colorado area codes. The messages tell the recipient that they owe back tolls for driving on a highway in Colorado and purports to link to the Colorado DMV website. The page that loads accurately mimics the Colorado Department of Revenue website appearance, and claims you owe $6.69 in tolls. Needless to say, this is fake. Spread the word: Tolls are not collected directly via SMS message.

This is a continuation of an ongoing, Russia-originated campaign that has been targeting specific states and regions for the past year. I blogged about it in October for Netcraft (npub145g…hv56) - we gave the threat actor the moniker Logger EIO. https://www.netcraft.com/blog/taxpayers-drivers-targeted-in-refund-and-road-toll-smishing-scams

#smishing #phishing #colorado #CODOR #CODMV #DMV #scam #fraud #roadtoll #tollroad #tollscam #LoggerEIO

I'm a member of the Boulder Valley School District's ...

2025-12-03T21:26:04Z

I'm a member of the Boulder Valley School District's "District Accountability Committee" or DAC. Each school in the district has a representative that meets once a month at district headquarters to hash out policy, budget, and other recommendations to the school board.

At last night's DAC meeting, during the Q&A period following our Superintendent's briefing (in which he brought up the ongoing problem of kids vaping in school bathrooms), I mentioned an amazing talk I saw at this past DEF CON (npub1dqd…8xy4) #DEFCON33 called "Unmasking the Snitch Puck: The creepy IoT surveillance in the school bathroom" - video here: https://www.youtube.com/watch?v=WCnojaEpF2I

You see, New Vista High School, which just opened a brand new building, has installed these devices, called a Halo 3C Smart Sensor, in all the bathrooms and elsewhere inside the school building, and has made a measurable impact reducing the number of vaping-in-school incidents. But, as I told superintendent Anderson, the sensor itself brings along with it some seriously problematic security vulnerabilities, in addition to the undocumented capabilities that the researchers in the talk exploited.

The superintendent's response to that made the whole room bust out laughing: "Andrew, you never fail to bring to my attention things that scare the hell out of me" - to which I responded, literally my job, Rob. It's why they call it "Threat Research" my guy.

This is why every community board, council, committee, etc. needs a thoughtful hacker present, to relay important information like this to policy implementers and policy makers who just don't keep up with this space.

#BVSD #schoolboard #edtech #edpolicy #techpolicy #Boulder #COpolitics

Fascinating, and yet utterly unsurprising.

2025-11-25T01:08:50Z

In reply to nevent1q…a2nq
_________________________

Fascinating, and yet utterly unsurprising.

I guess we'll never see the Intellivision Amica now

2025-10-17T18:45:05Z

In reply to nevent1q…km9g
_________________________

I guess we'll never see the Intellivision Amica now

yey! congratulations!

2025-08-28T19:33:29Z

In reply to nevent1q…u5sx
_________________________

yey! congratulations!

ha! we get bears wandering through our neighborhood, usually in ...

2025-08-24T06:11:46Z

In reply to nevent1q…vneh
_________________________

ha! we get bears wandering through our neighborhood, usually in the spring, but it's far more common to see elk or a herd of deer.

#NoKings #Boulder today ...

2025-06-14T21:29:50Z

#NoKings #Boulder today

While I have no special knowledge about what Google uses to ...

2025-05-23T16:57:40Z

In reply to nevent1q…nneu
_________________________

While I have no special knowledge about what Google uses to prevent spam, I study spam professionally, and I know that there are myriad ways spammers evade filters. The effective evasion of a filter by a spammer does not indicate an affirmative decision by Google to "refuse" to address it. Their ineffective filtering on the backend is not an active refusal. That's all.

While I don't doubt that's happening, and I concur that ...

2025-05-23T16:49:33Z

In reply to nevent1q…l57m
_________________________

While I don't doubt that's happening, and I concur that must be frustrating and exasperating to deal with, that is not what I was asking for, which is evidence that Google refuses to address spam.

🚨🚨 The CFP for Malware Village @npub1dqd…8xy4 is closing ...

2025-05-23T13:06:32Z

🚨🚨 The CFP for Malware Village DEF CON (npub1dqd…8xy4) is closing tomorrow, May 24th!

The form: http://bit.ly/MV2025CFP

Now is the time to apply if you haven't already! 🥳

#MalwareVillage #DC33

What evidence do you have that they "refuse" to take ...

2025-05-22T16:04:27Z

In reply to nevent1q…j35l
_________________________

What evidence do you have that they "refuse" to take action? That seems pretty egregious.

Nostr event nevent1qqsv93t527xvrvd93ecmcsnmuvqa678tlvcayuyr4apsk38g7lzrq9czyzvtycrna6r6vmgu2cn86636q69prasdtjr6h72am7nyl5ufv84cgr0r3yh

2025-05-19T03:56:54Z

In reply to nevent1q…0jq6
_________________________

TOP MEN Seriously, this is the same guy who thinks he can run for ...

2025-05-12T14:21:03Z

In reply to nevent1q…sr0w
_________________________

TOP MEN

Seriously, this is the same guy who thinks he can run for president?

I guess anyone can dream. I just hope this isn't what gets foisted on all of us in three years.

are you an eligible voter? what offices/ballot measures are on ...

2025-05-03T01:58:10Z

In reply to nevent1q…lhle
_________________________

are you an eligible voter? what offices/ballot measures are on the ballot in Singapore?

About 120 of my fellow Boulderites rushed to the building that ...

2025-04-22T02:09:51Z

About 120 of my fellow Boulderites rushed to the building that houses #NIST and #NOAA (and #NWSBoulder) headquarters this morning based only on a rumor that the dodgy people had shown up and were firing people.

It turned out only to be a rumor, and our representative, Joe Neguse, came out at 1pm to address the crowd, telling folks that he appreciated them coming out to support federal workers.

But this really shows that this community will step up to defend and protect the critical federal workforce who work at NIST and NOAA in support of the American people.

this is smart. I'm going to do this. I use a browser add-on ...

2025-04-19T15:12:44Z

In reply to nevent1q…s92g
_________________________

this is smart. I'm going to do this. I use a browser add-on called User-Agent Switcher and it's easy to modify the stock U-A https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/

This is the most malicious, brutal malicious compliance ...

2025-02-15T20:40:54Z

This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, jwz (npub1l77…cjyv)

https://www.jwz.org/xscreensaver/google.html

#privacy #security #infosec #Android #screensaver

#Paypal is changing its privacy policy. If you have an account, ...

2025-01-27T20:38:35Z

#Paypal is changing its privacy policy. If you have an account, here's what you need to do:

✅ Log in (you *are* using TOTP multifactor authentication, right?)
✅Click the Gear icon in the upper right corner.
✅Click "Data & Privacy"
Follow the link under that category to "Personalized Shopping"
✅Click the slider switch to disable data sharing with advertisers and retailers based on your purchase history.

#privacy #dataprivacy #PCIDSS #userprivacy #venmo

have you ever tried reporting phishing sites to them? Their ...

2025-01-26T17:28:19Z

In reply to nevent1q…kafe
_________________________

have you ever tried reporting phishing sites to them?

Their reporting tool informs the person doing the reporting that CF will pass along the report, along with identifying information about the person doing the reporting, to "the website owner"

ie., the phishing site operator

No thanks.

is it any wonder this stuff flourishes behind their captcha gates? I won't help them by reporting if the result is greater risk for me.

They can figure this out by themselves.

There does seem to be a lot of bending-the-knee/kissing-the-ring ...

2025-01-18T19:31:46Z

In reply to nevent1q…s3gj
_________________________

There does seem to be a lot of bending-the-knee/kissing-the-ring going on, and the nicest way to describe it is gross and degrading. But I do sometimes find myself grateful for finding out who people are by them telling us in no uncertain terms.

Please spread widely among your communities. On January 17, ...

2025-01-14T16:08:16Z

Please spread widely among your communities.

On January 17, 18:00-20:00 Central (US) time, Invisible Histories will be running a hackathon via Zoom to preserve LGBTQ digital records like websites, articles, and other online sources controlled or influenced by federal or state governments in the (US) south.

We need all hands on deck for this event. The organization running the hackathon will be able to provide very little tech support during the event. So you need to have skills at doing things like archiving websites and online materials.

Registration link: https://bit.ly/HACKATHON2025

#lgbtq #lgbtqia #hackathon #preservation #archive #archives cc: Jason Scott (npub1k79…tp5x)

😩

2025-01-03T16:57:24Z

In reply to nevent1q…g05a
_________________________

😩

Is this a new meta-Oddworld franchise? Oddworld: Abe's ...

2024-12-09T19:52:46Z

In reply to nevent1q…yram
_________________________

Is this a new meta-Oddworld franchise? Oddworld: Abe's XBoxyship

Broadcom is scaling back their ingenious #VMware plan to only ...

2024-12-05T02:56:27Z

Broadcom is scaling back their ingenious #VMware plan to *only* service their top 2000 customers and instead they're saying that now they're going to service only their top 500 customers.

I'm a longtime VMware user and customer (ESXi and Workstation) and I feel utterly shafted.

Leaving hundreds of thousands of small customers who *want to continue using and buying your product* twisting in the wind because...why?

I haven't even been able to access the licenses and products I had previously paid for since the acquisition, let alone buy anything. I feel like I was robbed blind. What the hell is this?

Welp, time to switch everything over to #Proxmox.

https://www.theregister.com/2024/12/05/vmware_user_migration_plans/

this could be the most concise summary of LinkedIn's business ...

2024-11-27T19:43:25Z

In reply to nevent1q…gq2y
_________________________

this could be the most concise summary of LinkedIn's business model

maybe they're behind 7 proxies!

2024-11-27T04:20:13Z

In reply to nevent1q…996u
_________________________

maybe they're behind 7 proxies!

Hey #Badgelife creators, fans, or collectors. Read and boost ...

2024-11-23T00:45:42Z

Hey #Badgelife creators, fans, or collectors. Read and boost this!

In January I will be in DC for some meetings. Because I will be there anyway, I reached out to some of the curators at the Smithsonian to ask them to meet. To my surprise, they accepted!

I want to bring them some awareness of the Badgelife community and projects, because I think Badgelife represents an incredible amount of creativity, innovation, and technological advancement, and it's happening right under everyone's noses!

So I'd like to ask: If you had an opportunity to share something about what Badgelife means to you, how it is advancing human ingenuity, or just what it means for creativity in the 21st century: What would you like me to share with the folks at the Smithsonian about Badgelife?

Share your pics. Share links to your projects. Share your stories of playing weird proximity games over NFC or wifi. Why do electronic badges make you happy? How do people use them to tell stories? Tag it #SmithsonianBadgelife so we can find it and collect it to hand over to them.

Please spread far and wide. I'd like to get as much community feedback as possible to share with them.

Thank you in advance.

#electronicbadge #defcon #SAO #SimpleAddOn #hack #electronics #hackerculture #hackers #CCC #minibadge #Saintcon #hackaday #supercon

stay strong, friend, and update your passport

2024-11-18T20:07:44Z

In reply to nevent1q…mmh5
_________________________

stay strong, friend, and update your passport

so ... Nothing stopping him from going to the front lines, then

2024-11-15T06:07:48Z

In reply to nevent1q…g55h
_________________________

so ... Nothing stopping him from going to the front lines, then

For those who don't know (which is most of you), this project ...

2024-10-31T16:59:59Z

For those who don't know (which is most of you), this project has been the intense focus of my work, taking up a huge amount of my time, energy, and investigative effort for the past 14 months - while still helping others at Sophos publish their research; running an election campaign where I was a candidate for school board; speaking at Blue Hat, Defcon, Saintcon, Virus Bulletin and other conferences; guest lecturing to classes at CU Boulder; volunteering my time canvassing for political candidates; serving as a docent at the Media Archaeology Lab; and starting up the Elect More Hackers organization.

Whew. It's actually kind of daunting just to read that. I also sometimes sleep and eat.

Sophos X-Ops (npub1xrh…fkxn) has been, at its core, an institution that values radical transparency, and this story (and the earlier research investigations into the Operation Pacific Rim threat actors and incidents) demonstrates Sophos' commitment to truth and journalistic integrity, following a story wherever it leads.

I hope our publication today starts a larger conversation and collaboration within the cybersecurity industry - inside and outside the Cyber Threat Alliance, which Sophos actively supports and where I am proud to represent my employer - to work together to thwart the ambitions of nation-state threat actors such as the perpetrators of Operation Pacific Rim, in order to protect the privacy and safety of everyone, everywhere.

#PacificRim #OperationPacificRim #malware #china #hacking #hacks #infosec #firewalls #intrusiondetection

https://www.sophos.com/en-us/content/pacific-rim

Is Jason Scott on Mastodon?

2024-10-11T18:56:15Z

In reply to nevent1q…4qva
_________________________

Is Jason Scott on Mastodon?