the grugq's newsletter

February 19, 2025


Reviewing the Cryptography Used by Signal - Dhole Moments

Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s c…


Thought DJI Wanted to Work With Me… Turns Out, Someone Wanted to Hack Me Instead.

Woke up to an email that had me grinning...a DJI collaboration request. I'm in the middle of planning an Asia trip, so this was a chance to get my hands on some gear from DJI...or so I thought.…

— MyDFIR (@MyDFIR) February 17, 2025

Thread by @MyDFIR on Thread Reader App – Thread Reader App

@MyDFIR: Thought DJI Wanted to Work With Me… Turns Out, Someone Wanted to Hack Me Instead. Woke up to an email that had me grinning...a DJI collaboration request. I'm in the middle of planning an Asia trip,...…


How ChatGPT Operator can be hijacked through prompt injection exploits on web pages : https://t.co/duTMDabPph

Paper :

Trust No AI : Prompt Injection Along The CIA Security Triad : https://t.co/1NFLmQMFLc

From Prompt Injection to Remote Controlling Claude Computer Use… pic.twitter.com/MVQQAIZspH

— Binni Shah (@binitamshah) February 18, 2025


Is anyone familiar with code which executes when the machine is locked?

You could invoke WTSRegisterSessionNotification and wait until the WM_WTSSESSION_CHANGE message is received with WTS_SESSION_LOCK to begin payload execution.

tl;dr malware only runs when machine locked

— vx-underground (@vxunderground) February 18, 2025


Nathan gets at a great point here.

You really, really need to think about selecting session/token max lifetimes very differently depending on the differing sensitivity of the accounts you are securing plus the reauth frequency toleration expected from different groups of users. https://t.co/Dbme0cKG2A

— Brian in Pittsburgh (@arekfurt) February 19, 2025

