August 8, 2022

Administrivia

This week is the start of “Hacker Summer Camp” when many infosec people go to Vegas rather than post interesting stuff on Twitter. It will be a slimmer “hot newsletter summer”…ah…newsletter until things return to normal. Hopefully the talks will output good content to include.

-

The new Perun video is out. He addresses the use of rockets and missiles during the Ukraine war which has some interesting points/parallels for cyber. In particular, everyone was expecting a huge Russian missile and rocket barrage to open the war. That never happened. (Expectations of a massive event that failed to materialise. Sound familiar?)

The likely reason for the lack of massed fires was probably the Russian strategic vision of a short sharp victory. They planned for a micro-war. One where mass destruction of Ukrainian infrastructure and civilian targets would be detrimental to the strategic objective — ensuring a friendly Ukrainian state.

A friendly state is no good if the population hates you for your massive bombardment, and also the economy is destroyed due to said massive bombardment. Hence, no massed fires during the opening phase. (That’s the theory.)

If you’ve seen my talk on Russia cyberwar in Ukraine, you’ll know I make the same argument for why there wasn’t a huge cyber assault. Both cyber and missiles were used to attack air defence systems. Targets of immediate tactical value for the planned regime change strikes.

There were no “strategic” attacks because the war was never meant to last long enough for such attacks to be necessary. Indeed, given how the population was expected to be friendly, any strategic level attacks would create more problems than they would solve.

You don’t deny, destroy, disrupt the power grid the day before you seize the country. You want that power grid so ppl can watch your victory parade on TV.

-

Historic Vids @historyinmemes

Behind the scenes of the development of Mortal Combat released in 1992

2:16 PM ∙ Aug 6, 2022

---

66,168Likes9,011Retweets

-

This is cool. The new (from 2021) Linux security module for unprivileged programs to restrict their access rights, e.g. sandbox.

https://landlock.io

-

Using Landlock to Sandbox GNU Make

Using Landlock to Sandbox GNU Make

Sandboxing for builds never been easier

-

Jeff Horwitz @JeffHorwitz

Good morning to everyone, especially the Facebook Blender.ai researchers who are going to have to rein in their Facebook-hating, election denying chatbot today

11:46 AM ∙ Aug 7, 2022

---

5,469Likes926Retweets

-

Martijn Grooten @martijn_grooten

This whole thread is a very good introduction into the current Greek spyware scandal, in which a journalist and a leading opposition MP were targeted with Predator.

Daphne Papadopoulou @daphnenews

👉 #Predator scandal: PM Mitsotakis' secretary general (and nephew) Grigoris Dimitriadis who, according to a report by @reporters_gr journos @boublis & @Chondrogiannos, had been indirectly linked to people selling the spyware, resigned today #Greece https://t.co/BKX6Tatv6h https://t.co/Fpv0oXnuTl

12:47 PM ∙ Aug 8, 2022

---

3Likes5Retweets

-

Lawfare @lawfareblog

A late night read for your Sunday.

The attack on the Capitol was enabled by a law enforcement culture that has ignored white supremacy and far-right extremism

From @vidabjohnson: