February 13, 2023

                            February 13, 2023

                February 13, 2023

Jeff Kosseff @jkosseff
In 2017, I testified in the House Judiciary Committee that FISA 702 is constitutional. It is up for reauthorization again this year, and in Lawfare I explain why I have far greater concerns this time around. lawfareblog.comIf Congress Wants to Protect Section 702, It Needs to Rein in the FBISection 702 is vital to national security. That’s why Congress must stop the FBI’s overreach.3:54 PM ∙ Feb 9, 2023
4Likes4Retweets
-
Mid-Career Army Officer @MidOfficer
In 2023 we are only explaining complicated and complex defence issues with Simpsons memes. And maybe a few balloons. 
12:35 AM ∙ Feb 12, 2023
372Likes55Retweets
-
aidan @aidanshandle
Google Maps but it has Fog of War for places you haven’t yet visited 
11:50 PM ∙ Feb 11, 2023
50,748Likes5,001Retweets
-
Bes D. Marx @BesDMarx

The New York Times @nytimes
A Yale economics professor has some ideas for how to deal with the burdens of Japan’s rapidly aging society. The “only solution,” he said, is mass suicide of the elderly, including ritual disembowelment. https://t.co/krlL3Ytd2e5:21 PM ∙ Feb 12, 2023
18,872Likes2,281Retweets
-
Jeff Moss @thedarktangent#OpenSSL had security updates on Feb 7th & I was curious if the work done on the V3.x rewrite helped mitigate them compared to 1.1.1x

Nope!

Every problem impacted both 1.1.1x and 3.x
openssl.org

Don't assume a rewrite / refactor / etc. will unearth all your bugs.
openssl.org/index.html3:01 AM ∙ Feb 13, 2023
32Likes11Retweets
-
z3dster𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸𝅸 @z3dster
Leeetssssss gooooo 
7:00 PM ∙ Feb 3, 2023
36Likes9Retweets
-
Tib3rius @0xTib3rius
If you want good examples for SQL injection, use these.

Auth Bypass: admin'; -- -

SELECT * FROM users WHERE username = 'admin'; -- -' AND password = 'password'

Boolean: ' AND '1'='1 / ' AND '1'='2

SELECT * FROM articles WHERE author = 'admin' AND '1'='1' 
Tib3rius @0xTib3riusOR 1=1 should not be the go-to example for SQL injection. I understand why it is, but using it without mentioning the risks is teaching bad practice.

OWASP, Portswigger, Wikipedia, Rapid7, Snyk etc. are all doing it.

I'm gonna die on this hill. 🤬5:15 PM ∙ Feb 12, 2023
821Likes158Retweets
-
HackGit @hack_gitExploitLeakedHandle

 A utility that identifies handles in unprivileged processes that may have been inherited from a privileged parent process and attempts to leverage them for local privilege escalation.

github.com/0x00Check/Expl…

#redteam t.me/hackgit/7512 
11:57 AM ∙ Feb 11, 2023
70Likes14Retweets
-
Mark C. @LargeCardinal
This is one of the funniest things I've ever seen... 
5:12 PM ∙ Feb 8, 2023
1,324Likes426Retweets
-
Starfish PhDing in Plankton and Salmon Studies @IRHotTakes
What if Alien Twitter is dunking on the missionaries who thought it would be smart to go to the North Sentinel Island of space?10:23 PM ∙ Feb 11, 2023
250Likes39Retweets
Starfish PhDing in Plankton and Salmon Studies @IRHotTakes
France suffering from the aliens’ inability to tell the earth monkeys apart. 
Faytuks News Δ @Faytuks
A 1-meter meteoroid has been detected and is expected to safely strike Earth's atmosphere over northern France between 3:50-4:03 CET, European space agency says1:20 AM ∙ Feb 13, 2023
50Likes9Retweets
Starfish PhDing in Plankton and Salmon Studies @IRHotTakes
what if this is the alien version of shaking ants in a jar to make them fight 
Global Times @globaltimesnews
Local maritime authorities in East China's Shandong Province announced on Sunday that they had spotted an unidentified flying object in waters near the coastal city of Rizhao in the province and were preparing to shoot it down, reminding fishermen to be safe via messages. https://t.co/aQbUntwy4m12:09 PM ∙ Feb 12, 2023
73Likes8Retweets
Starfish PhDing in Plankton and Salmon Studies @IRHotTakes
or like an alien YouTuber stunt 

“monkey nuke challenge 2023”12:12 PM ∙ Feb 12, 2023
25Likes2Retweets
-
Aelfred The Great @aelfred_D
“To whom it may concern”
- vague
- weak
- ignorable 

“To whom it will concern”
- ominous
- strong
- alarming10:42 PM ∙ Aug 11, 2021
55,879Likes11,993Retweets
-
Vlad @vladquant
Bing subreddit has quite a few examples of new Bing chat going out of control. 

Open ended chat in search might prove to be a bad idea at this time!

Captured here as a reminder that there was a time when a major search engine showed this in its results. 
5:00 AM ∙ Feb 13, 2023
2,431Likes446Retweets
-
This is some anti forensics style attack. Find the vulnerability in the detection implementation and then operate in that space.
Aristotle Tzafalias @Aristot73
"the slow blade penetrates the shield" 
Ravi Nayyar @ravirockks
'“We’re not filtering out slow moving objects as per usual,” one U.S.-based security source told... The filtering allowed defense monitors to watch for fast moving objects..., while ignoring mundane slower moving objects that don’t pose a threat, the source explained'.9:51 AM ∙ Feb 13, 2023
17Likes6Retweets
Ok, it’s just regular hacking, or exploitation… but still. I love it. :D
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: