the grugq's newsletter

August 23, 2022

Seems like .mudge has gone whistleblower on Twitter. Part of the Twitter defense seems to be trying to imply that mudge is incompetent.

Kevin Beaumont has a good thread on the whole thing.

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Kevin Beaumont @GossiTheDog
.@dotMudge has gone in hard on Twitter.
washingtonpost.com
Former security chief claims Twitter buried ‘egregious deficiencies’
An explosive whistleblower complaint from Peiter “Mudge” Zatko alleges that Twitter misled regulators and investors about gaping security holes and efforts to fight spam.
10:24 AM ∙ Aug 23, 2022

-

switched @switch_d
Army launches new Bring-Your-Own-Device pilot as it aims to leverage commercial capabilities - "Since this is done in a virtualized environment that is hosted up in the cloud through DoD, it is very, very, very secure...”
breakingdefense.com
Army launches new Bring-Your-Own-Device pilot as it aims to leverage commercial capabilities - Breaking Defense
“Since this is done in a virtualized environment that is hosted up in the cloud through DoD, it is very, very, very secure... We’re pretty excited about this and it’s taken us a while to get to this point, both from a policy perspective and from a building out of the environment [perspective], but w…
12:47 PM ∙ Aug 23, 2022

-

Entrust, a security company, was extorted by LockBit, a ransomware group. In retaliation, a DDoS against LockBit’s site caused downtime. The DDoS was done with HTTP requests containing the string “delete entrust motherfuckers”.

JD Work @HostileSpectrum
For the record, shoddy DDOS containing direct message strings is the CONOPS you get when private sector hackback debates have been stunted for decades, but victims still feel entirely on their own at moment of crisis. As opposed to restrained counter-cyber ops avoiding collateral
9:35 PM ∙ Aug 22, 2022

Background:

Kevin Beaumont @GossiTheDog
Based on the samples that LockBit are flogging, they did indeed exfiltrate data from Entrust.
11:18 AM ∙ Aug 20, 2022
vx-underground @vxunderground
Lockbit: "We're being DDoS'd because of the Entrust hack" vx-underground: "How do you know it's because of the Entrust breach?" Lockbit:
Image
8:02 AM ∙ Aug 21, 2022

-

max seddon @maxseddon
The FSB claims it has solved Daria Dugina's murder. Predictably, Russia is blaming Ukrainian secret services: the FSB says a Ukrainian woman named Natalya Vovk rented a flat in Dugina's building, trailed her, planted the car bomb, and escaped to Estonia.
t.me
RIA Novosti
Dugina's murder solved, the key points: 🔻 Ukrainian secret services are behind the murder 🔻 The perpetrator is Ukrainian citizen Natalya Vovk, born in 1979 🔻 She arrived in Russia on July 23 together with her daughter Sofia Shaban 🔻 They rented an apartment in the building where Dugina lived in Moscow 🔻 To surveil the young woman…
11:33 AM ∙ Aug 22, 2022

-

The NY fire department guide to forcible entry.

https://ia800207.us.archive.org/15/items/FDNYforcibleEntryReferenceGuide/FDNY_Forcible_entry_reference_guide.pdf

-

Reporting a vuln to CrowdStrike did not go smoothly. The amusing tale:

https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html

-

The most amusing part of Google’s response to this is how they say they don’t look at photos unless the user takes affirmative action. That action? Adding a photo to their photo album (while cloud syncing is enabled.)

Joe Mullin @joemullin
Here is a blog post I wrote for @EFF on some takeaways from this story and how it connects to our larger fight for real privacy.
eff.org
Google’s Scans of Private Photos Led to False Accusations of Child Abuse
Internet users’ private messages, files, and photos of everyday people are increasingly being examined by tech companies, which check the data against government databases. While this is not a new practice, the public is being told this massive scanning should extend to nearly every reach of their..…
7:56 PM ∙ Aug 22, 2022

-

Axel Souchet @0vercl0k
I just released the source code of Paracosme: a zero-click remote memory corruption exploit I demonstrated at Pwn2Own 2022 Miami 🐛🐜🪲
github.com/0vercl0k/parac…
4:13 PM ∙ Aug 22, 2022

-

dunadan @udunadan
"At a time when prosecutors were just beginning to understand “how big the ’Ndrangheta had become and how much we had underestimated it,” Cerreti pointed out, female informants were an invaluable source of knowledge.
newyorker.com
The Women Who Took on the Mafia
Family loyalty made the Calabrian Mob strong, but its treatment of women was its undoing.
8:30 PM ∙ Aug 22, 2022

-

Best source of up-to-date daily Ukraine war maps.

https://deepstatemap.live/en

-

femb✦t @__femb0t
,,,,the sky above the television tuned to a dead channel was the color of a different, much older television tuned to a dead channel :(
7:42 PM ∙ Aug 22, 2022

-

k0shl @KeyZ3r0
So this is the blogpost about CVE-2022-22715 Windows Dirty Pipe, I share the root cause and exploitation on it, thanks all help from our @KunlunLab and Adobe Product Security Incident Response Team. Enjoy! Blog post: whereisk0shl.top/post/break-me-… PoC: github.com/k0keoyo/my_vul…
3:25 AM ∙ Aug 23, 2022

-

Steven Murdoch @sjmurdoch
Running Linux in a container (e.g. Docker or Kubernetes) subtly changes the way group permissions work. This creates a vulnerability that can allow security policies to be bypassed. More on Bentham’s Gaze:
benthamsgaze.org
Vulnerability in Linux containers – investigation and mitigation
Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, ther
1:57 PM ∙ Aug 22, 2022

-

Kushaan @kushaanshah
Found a Linkedin viral post generator and it's already my favorite part of the week lol
viralpostgenerator.com
5:44 PM ∙ Aug 22, 2022

-

RAND Corporation @RANDCorporation
Our research shows the United States is overwhelmingly responsible for racially and ethnically motivated violent extremism (REMVE) discourse online.
bit.ly
A U.S. National Strategy Is Needed to Counter Violent Extremism
The United States is overwhelmingly responsible for racially and ethnically motivated violent extremism (REMVE) discourse online. Counter-jihadist strategies that focus on organizations or individuals likely will not work to counter REMVE because the movement is diffuse and leaderless.
1:53 AM ∙ Aug 23, 2022

-

Corey Quinn @QuinnyPig
When I say “ads are a corrosive force when big tech gets addicted to the model,” this is what I’m talking about. “People won’t click the ads if we don’t trick them.” https://t.co/i5topv7HnC
Techmeme @Techmeme
Microsoft is putting more ads in Outlook for iOS and Android for users of its free services; ads appear at the top of inbox and look like real emails (@tomwarren / The Verge) https://t.co/ifdziCvkdm https://t.co/AFJVMsMNoh
1:42 AM ∙ Aug 23, 2022

-

Dr. Dad, PhD 🔄🔼◀️🔽▶️ @GarrettPetersen
Releasing wolves into Yellowstone national park had a very positive impact on the ecosystem. Here's what founders can learn about the benefits of releasing wolves into the office 🧵👇
4:16 PM ∙ Aug 22, 2022

-

Feross @feross
“Just use an npm package” @SocketSecurity
5:55 PM ∙ Aug 22, 2022

-

Eva @evacide
I didn’t think it would be possible for such a blatantly racist idea to get funding, but no one limbos under the bar of my already-low expectations like the Bay Area tech startup scene. https://t.co/rzEMV9GhcM
Avi Asher-Schapiro @AASchapiro
A Bay Area start-up that uses AI to erase accents & make call-center workers, & others, sound "whiter" raised a $23 million round earlier this summer. https://t.co/HV9MCwwVL7
6:30 AM ∙ Aug 23, 2022
