April 22, 2022

                April 23, 2022

            April 22, 2022

            Some good news on software supply chain security.
theopenssf @theopenssf
Today we’re announcing the creation of the Securing Software Repositories Working Group as part of OpenSSF, learn more at: openssf.orgYour Favorite Software Repositories, Now Working Together - Open Source Security FoundationAuthors: Dustin Ingram (Google), Jacques Chester (Shopify) A software repository is a critical component of any open source ecosystem: it provides a trusted central channel to publish, store and distribute...9:38 PM ∙ Apr 19, 2022
73Likes34Retweets

A reasonable debate to be had on the topic.
chrisrohlf @chrisrohlf
I like this piece and it's proposal. But when you're primarily a consumer of technology your ability to "defend" it is extremely limited. You have to look much further upstream to its source if you really want to fix the problem vs continuously tread water. 
Chris Inglis @ncdinglis
Cyberspace is made up of overwhelmingly private components yet has incalculable public value. We need a new social contract of shared responsibility in this new domain. https://t.co/vWohBkgeYM8:23 PM ∙ Feb 21, 2022
6Likes2Retweets

UAE Exotic Falconry & Finance @FalconryFinance
The bloated US F-35 costs $80 million per plane and $36,000 per fight-hour. A trained Arabian hunting falcon requires only a place to roost and one hare daily. One self-guided smart falcon can jam a jet engine. Two can crack a cockpit canopy. Three can devour a downed pilot. 
3:32 AM ∙ Oct 14, 2021
419Likes91Retweets

Thomas H. Ptacek @tqbf
Zoom is down for the US Government, because DNSSEC. dnsviz.netwww.zoomgov.com | DNSViz6:37 PM ∙ Apr 21, 2022
146Likes42Retweets

It turns out the Air Force can develop a new UAV in weeks when they need to. 
Paul McLeary @paulmcleary
The mystery of the 'Phoenix Ghost' drone the US is sending to Ukraine is solved - it can fly for 6 hours tracking a target, operate at night and blow up armored vehicles. @LeeHudson_ and I got the details politico.comMystery drone: How the Air Force fast-tracked a new weapon for UkraineThe “Phoenix Ghost” drones were developed by California-based Aevex Aerospace.2:28 AM ∙ Apr 22, 2022
1,310Likes367Retweets

Research on how people actually interact with YouTube suggests that there isn’t a “rabbit hole” and… idk. I’m not convinced. Just, anecdotally, it is obvious that people do rabbit hole. They start on something and it gets reinforced and they dive in. So, maybe it isn’t the YT algorithm with “play next”… but there’s definitely some behaviour pattern that exists. It would be good to have an understanding of that.
The research isn’t perfect, and has some issues according to disinformation researcher I respect.
Christian Hoffmann @cphoffmann
The “rabbit hole” is going the way of the ”filter bubble” 👋🏽  Another great study by @BrendanNyhan @JasonReifler and colleagues https://t.co/ZCqnpMtfvX
Brendan Nyhan @BrendanNyhanKey findings https://t.co/VfcOUkSZ9t
-Viewership of potentially harmful alternative & extremist YouTube channels heavily concentrated among subscribers
-Viewers frequently come from off-platform sources
-Algorithmic recs from normal content rare
-"Rabbit hole" patterns very rare https://t.co/fai8VrvPD1 https://t.co/UNGuQrWK6l8:23 PM ∙ Apr 21, 2022
20Likes5Retweets
And there is some data which suggests it is wrong in cases. Jury is still out, and whenever there’s a finding which seems really counter to evidence/experience it’s good to be a bit sceptical about the claims.
E Rosalie @NovelSci
Network analysis of the top link, a youtube video, trending among right-leaning non-state Twitter accounts. This is where that link is leading to and from and a lot of people sitting in this web right now. #disinformation #influence @womenindisinfo 
2:22 AM ∙ Jun 15, 2021
24Likes9Retweets

I love the aesthetics of propaganda posters. 
PsyWar.Org 🇺🇦🌻 @psywarorg
The truth destroys the enemy (Poster from the Ukrainian Centre for Counter Disinformation). 
5:22 AM ∙ Apr 22, 2022
19Likes8Retweets

Weird news in the cybers. A crypto startup in Kyiv has built a multi platform LOIC clone, allowing swarms of ppl to collaboratively DDoS targets (presumably in Russia.)
If they really wanted to help out they would get Putin into NFTs, or convince him that he can solve his Army corruption problem with blockchain. 

            Inside the Ukrainian Crypto Startup Waging Cyberwar on Russia
            Hacken helps crypto businesses with cybersecurity. Now, with the war at home, it’s also leading a guerilla offensive against the Russian internet.

Phones are bad for privacy. Part some-huge-number in a series. 

            Anomaly Six Demo’d Surveillance Powers by Spying on CIA
            Anomaly Six claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button.

Analysis of an exploit used in a recent crypto heist. The vulnerable contract had a sort of… time of check time of use bug, plus… some other stuff… 

            Beosin’s Analysis of the ZEED Exploit : The hacker has self-destructed the contract before transferring funds out | by Beosin | Medium
            On April 21th, 2022, according to Beosin EagleEye, ZEED’s contract on BNB Chain was exploited for about $100M. Beosin security team…

Offensive con talks are trickling out.

Channel available here:

https://www.youtube.com/channel/UCMNvAtT4ak2azKNk6UlB1QQ

Lapsus$ stole T-Mobile source code. I guess they can compile and release their own telco now??
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code – Krebs on Security 

https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/

                Don't miss what's next. Subscribe to the grugq's newsletter: