August 23, 2022
Seems like .mudge has gone whistleblower on Twitter. Part of the Twitter defense seems to be trying to imply that mudge is incompetent.
Kevin Beaumont has a good thread on the whole thing.
-
Army launches new Bring-Your-Own-Device pilot as it aims to leverage commercial capabilities - "Since this is done in a virtualized environment that is hosted up in the cloud through DoD, it is very, very, very secure...”
-
Entrust, a security company, was extorted by LockBit, a ransomware group. In retaliation a DDoS against LockBit’s site caused down time. The DDoS was done with http requests containing the string “delete entrust motherfuckers”
For the record, shoddy DDOS containing direct message strings is the CONOPS you get when private sector hackback debates have been stunted for decades, but victims still feel entirely on their own at moment of crisis. As opposed to restrained counter-cyber ops avoiding collateral
Background:
Lockbit: "We're being DDoS'd because of the Entrust hack"
vx-underground: "How do you know it's because of the Entrust breach?"
Lockbit:
-
The FSB claims it has solved Daria Dugina's murder. Predictably, Russia is blaming Ukrainian secret services: the FSB says a Ukrainian woman named Natalya Vovk rented a flat in Dugina's building, trailed her, planted the car bomb, and escaped to Estonia.
-
The NY fire department guide to forcible entry.
https://ia800207.us.archive.org/15/items/FDNYforcibleEntryReferenceGuide/FDNY_Forcible_entry_reference_guide.pdf-
Reporting a vuln to CrowdStrike did not go smoothly. The amusing tale
https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html-
The most amusing part of Google’s response to this is how they say they don’t look at photos unless the user takes affirmative action. That action? Adding a photo to their photo album (while cloud syncing is enabled.)
Here is a blog post I wrote for @EFF on some takeaways from this story and how it connects to our larger fight for real privacy.
-
github.com/0vercl0k/parac…
-
"At a time when prosecutors were just beginning to understand “how big the ’Ndrangheta had become and how much we had underestimated it,” Cerreti pointed out, female informants were an invaluable source of knowledge.
-
Best source of up to date daily Ukraine war maps.
https://deepstatemap.live/en-
,,,,the sky above the television tuned to a dead channel was the color of a different, much older television tuned to a dead channel :(
-
So this is the blogpost about CVE-2022-22715 Windows Dirty Pipe, I share the root cause and exploitation on it, thanks all help from our @KunlunLab and Adobe Product Security Incident Response Team. Enjoy!
Blog post: whereisk0shl.top/post/break-me-…
PoC: github.com/k0keoyo/my_vul…
-
Running Linux in a container (e.g. Docker or Kubernetes) subtly changes the way group permissions work. This creates a vulnerability that can allow security policies to be bypassed. More on Bentham’s Gaze:
-
viralpostgenerator.com
-
Our research shows the United States is overwhelmingly responsible for racially and ethnically motivated violent extremism (REMVE) discourse online.
-
When I say “ads are a corrosive force when big tech gets addicted to the model,” this is what I’m talking about.
“People won’t click the ads if we don’t trick them.” https://t.co/i5topv7HnC
Techmeme @Techmeme
-
Releasing wolves into Yellowstone national park had a very positive impact on the ecosystem. Here's what founders can learn about the benefits of releasing wolves into the office 🧵👇
-
-
I didn’t think it would be possible for such a blatantly racist idea to get funding, but no one limbos under the bar of my already-low expectations like the Bay Area tech startup scene. https://t.co/rzEMV9GhcM
Avi Asher-Schapiro @AASchapiro
Don't miss what's next. Subscribe to the grugq's newsletter: