the grugq's newsletter

December 9, 2022


Jan Lemnitzer @JanLemnitzer
E-government German style: students have finally been allowed to apply for grants online, but since the administration was incapable of processing electronic docs extra staff had to be hired to print them out... @thegrugq @ciaranmartinoxf
spiegel.de: BAföG offices have to print out applications, in some cases with extra staff. Students can apply for BAföG online, but that is where digitalization ends. For the offices this means extra work, for students longer waiting times. According to the Studierendenwerk, the federal states are responsible.
4:48 PM ∙ Dec 8, 2022

-

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

The Ruck @TheRuckNews
NEW TODAY: @PaulSzoldra mingles with the masters of the military-industrial complex and shares the view from the wine-sipping trenches of contracts, bureaucracy, and generals being followed by people with papers vital to the national interest.
theruck.news: Peace through strength. Mingling with the masters of the military-industrial complex.
6:10 PM ∙ Dec 8, 2022

-

Jeremy Kirk (@jkirk@infosec.exchange) @Jeremy_Kirk
.@medibank will take systems offline this weekend for security hardening, a project called Operation Safeguard. Improvements include bolstered monitoring, more detection and forensic capabilities and 3rd pty analysis support. PR here: medibank.com.au/livebetter/new… #auspol #infosec
medibank.com.au: Medibank to undertake ‘Operation Safeguard’ at the weekend. Medibank and ahm systems will be temporarily offline from 8.30pm AEDT Friday 9 December 2022 as we undertake some maintenance to further strengthen our systems and enhance security protections.
11:38 PM ∙ Dec 8, 2022

-

@Pwnallthethings@mastodon.social @pwnallthethings
ICYMI, from two days ago: @KimZetter's great post about western cybersecurity and tech firms assisting Ukraine.
zetter.substack.com: Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict. Experts say cybersecurity companies helping to defend Ukraine against Russian cyberattacks during the war could be considered direct participants in the hostilities and open themselves to attack.
3:00 AM ∙ Dec 9, 2022
@Pwnallthethings@mastodon.social @pwnallthethings
@KimZetter It's a super interesting Q! But is it right? So, anyway, what do you have to do to become a "direct participant in hostilities"? What does it mean if you do? Does co-locating military data make that happen? And could it drag us all into war if they did?
pwnallthethings.com: No, Tech Companies and Cybersecurity Firms Aren’t Close to Becoming Direct Participants in the Conflict by Helping Ukraine. And it’s not particularly close. But here’s what the Laws of Armed Conflict have to say about it.
3:05 AM ∙ Dec 9, 2022

-

John McElhone @johnmcelhone8
The photo of the U.S. Air Force's new stealth aircraft is on the left, taken at night, with stars in the background. We can use them to find the exact location of the jet (thread)
U.S. Air Force @usairforce
Unveiled today, the B-21 Raider will be a dual-capable, penetrating-strike stealth bomber capable of delivering both conventional and nuclear munitions. The B-21 will form the backbone of the future Air Force bomber force consisting of B-21s and B-52s. (U.S. Air Force photo) https://t.co/X6KSU7sy6U
2:48 AM ∙ Dec 8, 2022

-

By popular demand, I have scanned my copy of Draft #1 of #Kernighan and #Ritchie's C Programming Language book. Here: https://drive.google.com/drive/folders/1OvgKikM8vpZGxNzCjt4BM1ggBX0dlr-y #ComputerHistory #UNIX #CLang

https://mastodon.social/@aka_pugs/109480716344891925

-

Shared by my Daughter

"I need privacy, not because my actions are questionable, but because your judgement and intentions are"

In response to "if you have nothing to hide you have nothing to fear"

https://infosec.exchange/@itisiboller/109472911587284824

-

Well formatted free eBooks

https://standardebooks.org/

-

Apostolos Malatras @a_malatras
At @enisa_eu we are often asked, why is information manipulation in the threat landscape? Together with @eu_eeas colleagues and @ErikaMagonara from #ENISA we try to answer and explain how one can map the information manipulation threat landscape! Excited to hear your views!
ENISA @enisa_eu
Cybersecurity & Foreign Interference in the 🇪🇺 Information Ecosystem
New threat landscape by @eu_eeas and #ENISA looks at the interplay between #cybersecurity and Foreign Information Manipulation and Interference. https://t.co/zPjY9bIEiz #disinformation https://t.co/isxcpz621b
3:20 PM ∙ Dec 8, 2022

-

Janus Rose @janusrose
fyi, none of the AI ethicists i’ve spoken to are saying this. they simply recognize that automation amplifies asymmetric power at the expense of the vulnerable & marginalized — unfortunately something a lot of puzzlebrain engineering types don’t seem to understand, or care about.
Yann LeCun @ylecun
1- Long-termist AI ethicists: OMG, AI will destroy us because it's too smart! 2- Short-termist AI ethicists: OMG AI will destroy society because it's too stupid! Both #1 and #2 underestimate human intelligence, learning abilities, and resilience.
3:01 PM ∙ Dec 8, 2022

-

Eileen Clancy @clancynewyork
"How US police use counterterrorism money to buy spy tech." Spoiler: it's FEMA.
William Fitzgerald @william_fitz
“This is almost like a hidden funding stream that boosts local police budgets and also feeds into this web of data abstraction, data collection and analysis, and reselling consumer data,” says Alli Finn, a senior researcher with @ImmDefense https://t.co/5WGGuOzZH2 tip @Techmeme
3:00 PM ∙ Dec 8, 2022

-

Everything old is new again. Sniffing SSH passwords (like from yesterday’s newsletter) on OpenBSD. In case you find yourself hacking into 2004 or something…

💾 Astr0 Baby @astr0baby
@0xdea And here is how you can do this on OpenBSD
astr0baby.online: Index of /OpenBSD/SSH-SNOOPING/
6:18 AM ∙ Dec 9, 2022

-

Speaking of OpenBSD, here’s a dive into a 24-year-old bug in ping.

https://tlakh.xyz/fuzzing-ping.html

-

Seth Jenkins wrote a blog post on a new kernel exploitation technique for exploiting a temporary-increment-at-controlled-address bug without an infoleak: https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html

https://infosec.exchange/@jann/109479665211569238

-

“Fuck Nuance” by Kieran Healy

https://kieranhealy.org/publications/fuck-nuance/

"Sociologists typically use nuance as a term of praise. Almost without exception, when nuance is mentioned it is because someone is asking for more of it. I argue that, for the problems facing sociology at present, demanding more nuance typically obstructs the development of theory that is intellectually interesting, empirically generative, or practically successful."

ht @albertocairo@mastodon.social

https://ioc.exchange/@againsthimself/109480527332836653

-

Joshua Browder @jbrowder1
DoNotPay is building a chrome extension where you can specify something like “negotiate my Comcast bill down,” and it will use the Comcast online chat to lower your bill with GPT-3.
Over time, Comcast will also use LLMs. So robots will just be negotiating with each other!
9:55 PM ∙ Dec 6, 2022

-

Lukasz Olejnik (@LukaszOlejnik@Mastodon.Social) @lukOlejnik
In a similar vein, French DPA fined another company €300k, again highlighting an infringement during bad password management/policy. Plain-text passwords stored, and transmitted over email. France & #GDPR will kill bad passwords? Why not use article 25? legifrance.gouv.fr/cnil/id/CNILTE…
9:08 AM ∙ Dec 9, 2022
