the grugq's newsletter

April 16, 2022

April 16

Sabotage of railways from Belarusian partisans has inspired Russians. And, apparently, been conducted by Belarusian partisans. We saw partisans get kneecapped in Belarus, and I fear they’ll be executed if Russia catches them.

Belarusian Hajun project @MotolkoHelp
Successful rail sabotage has already taken place in 4 regions of Russia, the Community of Belarusian railway workers reports. It is known that over the last 2 weeks, rail partisans have damaged railroad tracks in Bryansk, Orel, Smolensk and Kursk regions of Russia. 1/2
11:40 AM ∙ Apr 15, 2022
Belarusian Hajun project @MotolkoHelp
Special devices are installed in relay cabinets, which work on timer and completely burn out the internal equipment of the relay cabinet. Belarusian initiative Busly Liatsiats take responsibility for some of the partisan actions carried out on the Russian railroad. 2/2
11:40 AM ∙ Apr 15, 2022

A measured response to a very wrong opinion piece.

Dan Black @DanWBlack
How are we almost two months into a war and still fielding claims that the cyber attacks originating from one of the militaries prosecuting said war are somehow "below the level of armed conflict?"
5:20 PM ∙ Apr 15, 2022


Berry (Rune Arc) @bloodberry_tart
twitter is a game and the objective is to never have to make a tweet that starts like this
5:48 PM ∙ Apr 15, 2022


Algorithms. Not just for YouTubers anymore.


Dutch scandal serves as a warning for Europe over risks of using algorithms – POLITICO

The Dutch tax authority ruined thousands of lives after using an algorithm to spot suspected benefits fraud — and critics say there is little stopping it from happening again.


Sputnik @Sputnik_Not
Putin personally awards crew of Moskva with Order of Courage for destroying two Ukrainian missiles
9:46 AM ∙ Apr 15, 2022


TikTok lawyers with the OPSEC advice.

Makena Kelly @kellymakena
idk, i trust this guy
2:53 PM ∙ Apr 15, 2022


Mini rant:

Lots of analysis is showing up explaining why Russia is *obviously* doing badly. Thing is, it’s a lot easier to predict things that happened in the past. I respect the analysis, but, seriously, I saw a YouTube channel with, in reverse chronological order: “why Russia is losing”…“no, Russia will not invade Ukraine”…“Russia’s formidable main battle tanks”

I’m not saying don’t get it wrong, I’m saying that I have a hard time listening to someone who doesn’t even talk about how and why they got it wrong. Bonus for incorporating those lessons into future analysis.


GitHub discovered that Heroku and Travis-CI OAuth tokens were stolen and being used to do nefarious shit in GitHub repos.

[Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog](https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/)

[Heroku Status](https://status.heroku.com/incidents/2413)


This is a great article on the use of electronic warfare on the modern battlefield. It analyses what needs to be done right, what Russia appears to be doing wrong and why, and what the consequences are.


A Key Reason for Russia’s Colossal Electronic Warfare Failure in Ukraine

Six weeks into the war, it’s clear that Russian Electronic Warfare/Electronic Attack (EW/EA) systems have been largely ineffective.


Webex totally accidentally sent audio data when it claimed that it was muted. Seems like someone is doing good research on shifty software.

The Register @TheRegister
FYI: After Cisco's Webex app was spotted sending audio telemetry even when muted, the IT giant told us it has made changes so that the software no longer transmits microphone data.

This is part of a study on what chat app mute buttons actually do

theregister.com: Cisco’s Webex phoned home audio telemetry even when muted. Study finds turning sound off in a range of applications doesn’t always cut the mic.
7:02 PM ∙ Apr 15, 2022

The research

Surveillance Killjoy @hypervisible
Bad news for folks (like me) who thought “mute mic” meant no sound was being transmitted.
thenextweb.com: Muting your mic reportedly doesn’t stop big tech from recording your audio. Think you’re muted? Better think again. A team of researchers found out Big Tech keeps recording when you mute.
3:35 PM ∙ Apr 15, 2022

Keep up to date on what out-of-date crap is being exploited in the wild.

boB Rudis 🇺🇦 @hrbrmstr
I've been working on an Rmd report summarizing the CISA KEV catalog every time it updates (it is not automated yet). It'll eventually auto-publish to the GH pages (hrbrmstr.github.io/cisa-known-exp…) of the archiving repo (github.com/hrbrmstr/cisa-…).
github.com: hrbrmstr/cisa-known-exploited-vulns. Daily archiver for CISA’s Known Exploited Vulnerabilities list.
10:56 AM ∙ Apr 16, 2022
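In the spirit of that daily archiver, here is an added example (my own, not hrbrmstr’s code and not part of the original post) that diffs two snapshots of CISA’s KEV JSON feed to list newly added entries and flag entries whose remediation due date has passed. The field names follow the public KEV feed; the two snapshots and their CVE ids are constructed placeholders, not real catalog entries.

```python
# Added example, not code from hrbrmstr's archiving repo. Field names follow
# the public KEV JSON feed; the snapshots below are constructed samples with
# placeholder CVE ids, not real catalog entries.
import json

# Constructed "yesterday" snapshot (placeholder ids, not real KEV entries).
OLD_SNAPSHOT = json.dumps({
    "catalogVersion": "2022.04.15",
    "vulnerabilities": [
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dateAdded": "2022-04-01",
         "dueDate": "2022-04-22",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed "today" snapshot: the old entry carried over plus one new entry.
NEW_SNAPSHOT = json.dumps({
    "catalogVersion": "2022.04.16",
    "vulnerabilities": [
        json.loads(OLD_SNAPSHOT)["vulnerabilities"][0],
        {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor",
         "product": "OtherProduct", "dateAdded": "2022-04-16",
         "dueDate": "2022-05-07",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

def index_by_cve(snapshot_json: str) -> dict:
    """Map cveID -> entry for one KEV snapshot."""
    return {v["cveID"]: v for v in json.loads(snapshot_json)["vulnerabilities"]}

def newly_added(old_json: str, new_json: str) -> list:
    """CVE ids that appear in the new snapshot but not in the old one."""
    return sorted(index_by_cve(new_json).keys() - index_by_cve(old_json).keys())

def past_due(snapshot_json: str, today_iso: str) -> list:
    """CVE ids whose dueDate is earlier than today. KEV dates are ISO
    YYYY-MM-DD strings, so plain string comparison orders them correctly."""
    return sorted(cve for cve, v in index_by_cve(snapshot_json).items()
                  if v["dueDate"] < today_iso)

if __name__ == "__main__":
    print("new since last snapshot:", newly_added(OLD_SNAPSHOT, NEW_SNAPSHOT))
    print("past due on 2022-04-23:", past_due(NEW_SNAPSHOT, "2022-04-23"))
```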

Starting with Grammarly and then going into broader discussions of third-party software and security. See also the reports about software lying about the mute feature above.

https://theroute.io/the-requirement-for-telemetry-assesments/


Bad scholarship is dissected, along with the problem of repeated citation eventually making a bad paper’s findings canon.

Carl T. Bergstrom @CT_Bergstrom
1. "The pandemic proves that people don't understand exponential growth," various folks have quipped.

Perhaps that's true.

You know the claim about how people are terrible at estimating exponential growth rates, and the classic study it's based on?

It's hopelessly flawed.

5:29 AM ∙ Apr 16, 2022

We come full circle, as the new video from Dave Aitel addresses the shortcomings of the same article Dan Black had issues with above.


Missed this at the time. Singapore starts licensing security vendors.


Singapore begins licensing cybersecurity vendors | ZDNET

Vendors providing penetration testing as well as managed SOC monitoring services have up to six months until October to apply for a licence from Singapore's Cyber Security Authority, or cease the provision of such services.
