December 2, 2022

Folks, this is bad news. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the "android" app itself. These certs are being used to sign malicious Android apps!

https://bugs.chromium.org/p/apvi/issues/detail?id=100

Mishaal Rahman: "Folks, this is bad news. Very, very bad. Hackers …" - Android Dev Social

Attached: 1 image Folks, this is bad news. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the "android" app itself. These certs are being used to sign malicious Android apps! https://bugs.chromium.org/p/apvi/issues/detail?id=100

-

Subscribe now

-

Riley Goodside @goodside

OpenAI's new ChatGPT explains the worst-case time complexity of the bubble sort algorithm, with Python code examples, in the style of a fast-talkin' wise guy from a 1940's gangster movie:

1:39 AM ∙ Dec 1, 2022

---

16,921Likes2,581Retweets

-

Samuel Bendett @SamBendett

1/ QUICK THEAD that continues the topic of Russia’s dependence on Chinese and imported comments for domestic quadcopter production - additional comments from CAST, one of Russia’s main defense think tanks. More below:

Samuel Bendett @SamBendett

1/ THREAD on the Russian Telegram-based feedback about this new "Dobrynya" quadcopter from Almaz-Antey. There was a lot of discussion and commentary about this drone and what is actually needed for the war, starting with anger at the Russian defense sector. Main points below. https://t.co/EezDZqPwYc

7:13 PM ∙ Dec 1, 2022

---

34Likes10Retweets

-

obsessed with this article by the Android team. just looking at the graphs it's like "rust go up, exploits go down" https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html

also holy shit Android has a lot of rust code now

-

Great followup on The Mystery of Metador by @milenkowski

Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.

https://www.sentinelone.com/labs/the-mystery-of-metador-unpicking-mafaldas-anti-analysis-techniques/

-

Great stuff from Kelly.

Kelly Shortridge @swagitda_

How can we waste attackers’ time, attention, and money? Can we inflict psychological damage on them?

Our new paper (@JosiahDykstra + other fine folks) answers these questions, introducing the concept of “sludge” against attackers for systems resilience: arxiv.org/pdf/2211.16626…