April 20, 2022

                April 21, 2022

            April 20, 2022

            Dr Bret with an excellent analysis of the state.
Bret Devereaux @BretDevereauxMy own view is this: the state is, by its nature, a violence machine.  It exists to limit violence by channeling it; it is a necessary evil - without the state, you get even more violence.

But that means every state generates violence on its conceptual fringes.4:55 PM ∙ Apr 19, 2022
97Likes13Retweets
Project Zero’s year in review of 0day caught in the wild, 2021.
Out of the 58 in-the-wild 0-days for the year, 39, or 67% were memory corruption vulnerabilities:
17 use-after-free
6 out-of-bounds read & write
4 buffer overflow
4 integer overflow

https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html

More on 0days in a handy up to date database with email alerting. Interesting paper too. Keep in mind, of course, that this is not a complete coverage of all 0day that we’re in use during the time periods covered. 

https://www.zero-day.cz/research/

Apparently pwn2own is happening now. It’s the one where the Chinese don’t compete, so it’s a different set of targets.
Zero Day Initiative @thezdiConfirmed! Axel '0vercl0k' Souchet of doar-e.github.io used a double free bug to execute his code on Iconics Genesis64. He wins $20,000 and 20 Master of Pwn points. #Pwn2Own #P2O 
6:52 PM ∙ Apr 19, 2022
163Likes26Retweets
The Ukrainian counterintelligence service has caught a GRU controlled agent. He was operating for 8 years. During that time the GRU helped to manage his career, and he became quite successful. A detailed look at a classic espionage operation.
Telling your Uber driver and his camera about your criming is a bad idea.
Ryan J. Reilly @ryanjreilly
“Well, how’d that work out for ya?”

The latest Jan. 6 defendant, busted via Uber cam. 
4:27 PM ∙ Apr 19, 2022
6,017Likes1,298Retweets
drewtoothpaste @drewtoothpastethere's a mechanic in Kenya called Autocorrect google.com/maps/@-1.29246… 
4:39 PM ∙ Apr 19, 2022
207Likes33Retweets
Some initial Russian successes in Ukraine were due to treason. 
Heranimos Swingle, Padded Gambeson Man @Pasha_Spider@greygossling @SashoTodorov1 We have some more confirmation that Kherson was in part captured due to treachery. wsj.com/articles/in-uk… 
12:11 AM ∙ Apr 20, 2022
11Likes5Retweets
More details here.

https://www.thenation.com/article/world/kherson-ukraine-russia/

The current (public) issue of the CIA’s studies in intelligence.

https://www.cia.gov/static/58097b25db4cfed1c5b116688fbc000d/StudiesExtracts-March2022-Vol66No1-4.pdf

Keen Labs has released a security tool for finding vulns.

https://github.com/KeenSecurityLab/BinAbsInspector

Micah has been collecting a long list of all the hacks against Russia.
Micah @micahflee
I don't think people fully appreciate just how much, after invading Ukraine, people are hacking Russia. There are multiple hacks a week and it's only increasing. For first time in internet history Russia is fair game for cyber attacks, and this is what it looks like 🧵8:56 PM ∙ Apr 19, 2022
23,449Likes5,746Retweets
NSO is getting hammered again, along with the entire cyber surveillance industry.
Anna Júlia Donáth @donath_anna
We now know what we could only have guessed: several EU governments have built surveillance states with the #Pegasus cyberweapon. /1 
4:44 PM ∙ Apr 19, 2022
646Likes292Retweets
An example of why using cryptocurrency for actually currency is a bad idea.
web3 is going just great @web3isgreat
First crypto burger purchase at Bored Ape restaurant illustrates why people don't widely do this

April 9, 2022
web3isgoinggreat.com/?id=first-cryp… 
10:55 PM ∙ Apr 19, 2022
4,441Likes733Retweets

A nice explainer on the semiconductor industry
Leandro @Invesquotes
I tried to make a one-pager to serve as a quick intro to the semiconductor industry but, unfortunately, I needed three pages 😅

This first page goes over the types of chips and how a chip is made.

Hope you enjoy it and feel free to share if you do! 
2:50 PM ∙ Apr 19, 2022
1,170Likes263Retweets

Lemuel Lyes @LemuelLyes
Last month I did the unthinkable and finally threw out that box of unloved cables that I've dragged with me through adulthood.

Today I realised that I needed one of them and have no idea how to find a replacement.

CONSIDER THIS A WARNING TO YOU ALL12:44 AM ∙ Mar 28, 2022
352,571Likes32,528Retweets

Great explainer from Thomas.
Thomas H. Ptacek @tqbf
Welp. It’s the crypto bug of the year. Mark it down for April. Java 15-18 ECDSA doesn’t sanity check that the random x coordinate and signature proof are nonzero; a (0,0) signature validates any message. Breaks JWT, SAML, &c. neilmadden.blogCVE-2022-21449: Psychic Signatures in JavaThe long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, thi…12:12 AM ∙ Apr 20, 2022
1,575Likes707Retweets

Vanessinator 🤖 T-80085 @ilovejohnkimble
Not a cellphone in sight. Just ppl living in the moment. 
5:31 PM ∙ Apr 19, 2022
87,983Likes9,570Retweets

You know times are hard when Putin makes two of his top guys share a sex worker on a business trip.
Michael Weiss 🌻🇺🇸🇮🇪 @michaeldweiss
.@michaeldweiss obtains photographic evidence that in 2018 Russian Foreign Minister Sergei Lavrov was on official diplomatic business to Japan with his mistress, oligarch Oleg Deripaska — and a Russian sex worker | @newlinesmag newlinesmag.comExclusive: Sergei Lavrov and Oleg Deripaska Traveled With a Sex Worker to Japan in 2018On official business in Tokyo, Russia’s foreign minister was with its most notorious oligarch in the company of the former’s mistress and the latter’s escort, a sex worker3:30 PM ∙ Apr 20, 2022
496Likes237Retweets

Russia is no longer cooperating with the US on REvil. In related news,  apparently Russia was cooperating with the US on REvil. In other related news, REvil is back and has ransomwared a load of companies. (Yes, I know, REvil was arrested in January. I guess this is the cyber criminal circle of life.)
Oleg Shakirov @shakirov2036Some noteworthy details on Russia-U.S. cyber dialogue (when it was a thing) & cooperation on REvil in this interview with Oleg Khramov, deputy secretary of Russia's Security Council in charge of information security, that I missed before

rg.ru/2022/04/07/sov…
6:34 PM ∙ Apr 19, 2022
26Likes9Retweets

Decryption? We don’t need no stinking decryption 
Haley Britzky @halbritz
A *chef’s kiss* moment from today with Team 41 — during the mystery event, competitors were instructed to decode a message which would include the key to unlock the box. 

*Technically* the instructions didn’t say you had to decode the key first… 
10:51 PM ∙ Apr 9, 2022
5,595Likes792Retweets

                Don't miss what's next. Subscribe to the grugq's newsletter: