December 18, 2022

                            December 18, 2022

                December 18, 2022

                        Last newsletter of the year, unless inspiration strikes.
-
Matthew Green @matthew_d_green
I think we’re about to see an explosion of new end-to-end encrypted cloud services. bleepingcomputer.comGoogle introduces end-to-end encryption for Gmail on the webGoogle announced on Friday that it’s adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within their domain and outside their domain.3:07 PM ∙ Dec 17, 2022
1,600Likes242Retweets
-
Matthew Green @matthew_d_green
This letter is pretty amazing. It’s from a Senate Armed Services member explaining how they’re going to build the infrastructure to monitor most Internet users, network-wide using private DNS metadata. https://t.co/zy8eh59hvu
Wolfie Christl @WolfieChristl"Both DNS and Netflow from them will be a goldmine. The fact that they have international recursive traffic - something that we only really get from Neustar - is just mind blowing"

FOIA records on Georgia Tech, DoD and others with some additional detail:
https://t.co/C9cRhiUSOC https://t.co/V6qE1F7xMK4:35 PM ∙ Dec 17, 2022
385Likes149Retweets
-
Wolfie Christl @WolfieChristlNeustar operates a giant identity surveillance system called 'OneID' that contains personal information on the whole US population. It's being used to recognize, track and follow people across myriads of services and to exchange digital profiles on them.
mmaglobal.com/files/webinars… 
1:56 PM ∙ Aug 30, 2022
43Likes26Retweets
-
Randall Munroe @xkcdGravity xkcd.com/2712/

Today’s comic is interactive! Click the image on xkcd.com and use arrow keys or tap to fire thrusters. 
2:37 AM ∙ Dec 17, 2022
6,729Likes862Retweets-
An alleged Russian smuggling ring found in N.H. town
US authorities indict seven people tied to a global ring that allegedly funneled ‘military-grade’ parts to Russia

https://www.bostonglobe.com/2022/12/13/metro/spies-microchips-night-lights-story-an-alleged-russian-weapons-smuggler-small-town-nh/

-
Dino A. Dai Zovi @dinodaizovi
This tailnet lock design and whitepaper by @Tailscale is *really* *really* good:

tailscale.comTailnet lock white paperThis white paper on tailnet lock is a draft. It is shared to solicit feedback on the design and implementation of tailnet lock. Abstract Modern VPNs have made large headways in reducing the attack surface of the networks they protect, by using modern cryptography for end-to-end encryption, and co…8:30 PM ∙ Dec 17, 2022
56Likes5Retweets
-
Brendan Dolan-Gavitt @moyix
Using ChatGPT to clean up bad decompiler output seems to work quite well! Left: original Ghidra decompilation; right: cleaned up version, with an explanation for why it's better. 
8:24 PM ∙ Dec 16, 2022
152Likes12Retweets
-
Christiaan Triebert @trbrtc
For those new to openly available flight tracking data, make sure to check out @gianfiorella's “A Beginner Guide to Flight Tracking” on @bellingcat. bellingcat.comA Beginner’s Guide To Flight Tracking - bellingcatTranslations:English (UK)EspañolFlight tracking is an accessible and useful tool for open source investigators. Being able to track the movements of aircraft belonging to powerful individuals and armed forces can add important details to stories, or even uncover entire new narratives. There are seve…10:34 AM ∙ Dec 16, 2022
1,347Likes507Retweets
-
Werner Vogels @Werner
Apparently #ChatGPT is more than willing write jokes about me. As the brilliant replies show. But this one beats it all. Thanks @indygupta.  
Werner Vogels @Werner
Well, that is no fun.... #ChatGPT https://t.co/kSOTGORwDi12:09 PM ∙ Dec 17, 2022
241Likes35Retweets
-
RetroTech Chris Is Celebrating #DOScember2022 @RetroTechChris
So, this is fun! I connected a DOS PC to a Windows XP system using a null modem cable.  I can browse the web and share files! 
12:54 AM ∙ Dec 18, 2022
165Likes18Retweets
-
joshua steinman (🇺🇸,🇺🇸) @JoshuaSteinmanGermans going to get absolutely owned (industrial/diplomatic espionage) with this terrible decision. 

Would not be surprised if Chinese give RU access as well.

⁦@RichardGrenell⁩ and I worked for years to convince them to use European mfg’rs. reuters.comGermany ups reliance on Huawei for 5G despite security fears -surveyGermany has become even more dependent on Huawei for its 5G radio access network equipment (RAN) than in its 4G network despite growing worries about Chinese involvement in critical infrastructure, according to a new report.4:44 PM ∙ Dec 17, 2022
216Likes73Retweets-
An easy-to-miss, but pivotal, change has just been committed to the MAME source repository: https://github.com/mamedev/mame/tree/new68k
This is a brand new Motorola 68000 emulation core, using the actual 68000 microcode to generate the emulation code from a roughly 2400-line Python script.
Beyond having a positive impact on how granular MAME can get in emulating arcade games, this allows for cleaner handling of *any* system that used /DTACK. Low-level emulation of the CD-i peripheral controller is on the horizon.

https://mastodon.sdf.org/@TheMogMiner/109524760701318512

-
Reverse Engineering of a Not-so-Secure #IoT Device #reverseEngineering #infosec

https://mcuoneclipse.com/2019/05/26/reverse-engineering-of-a-not-so-secure-iot-device/

https://framapiaf.org/@sebkirche/109532714161910726

-
thaddeus e. grugq 🌻 @thegrugq@infosec.exchange @thegrugq
Use mem safe languages
Architect systems for impact containment
Reduce attack surface
Increase telemetry
Maximise attacker costs & risks https://t.co/oOENCXysgR5:42 AM ∙ Oct 11, 2017
478Likes157Retweets

                            Don't miss what's next. Subscribe to the grugq's newsletter: