February 22, 2023

Between Two Nerds: Is cyberespionage actually signals intelligence?

I really enjoyed this conversation with Tom and I highly recommend listening to it.

@cynicalsecurity @thegrugq @taurus_hq we already have @thegrugq's spirit with us when we do key ceremonies in that room – and @dystopiabreaker's too

Russia says it will fast-track testing of tank-killing robot in Ukraine

Russia has announced that it is sending robotic tank killers to Ukraine.

As Ukraine receives western-built tanks, Russia has announced it is sending robots designed to destroy them.

raptor@infosec.exchange @0xdea

#Fortinet #FortiNAC CVE-2022-39952 #Vulnerability Deep-Dive and IOCs by @Horizon3Attack

Writeup: horizon3.ai/fortinet-forti…

PoC: github.com/horizon3ai/CVE…

Adam Segal (@adschina@mastodon.social) @adschina

China is using its courts and patent panels to pry technology from Western nations. Some U.S. and European companies are crying foul. wsj.com/articles/u-s-c… via @WSJ

wsj.comChina’s Newest Weapon to Nab Western Technology—Its CourtsRulings have nullified patents in industries China deems important, including technology, pharmaceuticals and rare-earth minerals. “It is puzzling that so many cases went wrong at the same time,” said one Western executive.

Dr. Dan Lomas @Sandbagger_01

They'd be a bit wet, might need a boat.

Headline just underlines my irritation with labelling any intelligence related as "spies".

thetimes.co.ukRussian spies ‘mapping North Sea cables and pipelines’A Russian spy ship that was believed to be part of a sabotage operation targeting underwater cables, gas pipelines and wind farms in the North Sea was inter

chrisrohlf @chrisrohlf

Solid research on using LLMs to improve code coverage via test case generation. LLM’s are going to continue changing how code is written and tested… and yes, fuzzed.

Caroline Lemieux @cestlemieux

I will be presenting our paper "CodaMOSA: Escaping Coverage Plateaus in Test Generation with Pre-trained Large Language Models" at @ICSEconf #ICSE2023 in Melbourne!! pre-print: https://t.co/AjoZjOOiGM https://t.co/xR4TzxQYdJ

https://www.carolemieux.com/codamosa_icse23.pdf

Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero

Kind of a cheat. It’s using the flipper zero to control the strobing of an IR light, and the IR light triggers the traffic lights.

Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero

A DIY hacker equipped with a Flipper Zero and old security camera managed to build a Mobile Infrared Trasmitter to bypass red lights.

Prompt Engineering Guide

GitHub - dair-ai/Prompt-Engineering-Guide: 🐙 Guides, papers, lecture, notebooks and resources for prompt engineering

🐙 Guides, papers, lecture, notebooks and resources for prompt engineering - GitHub - dair-ai/Prompt-Engineering-Guide: 🐙 Guides, papers, lecture, notebooks and resources for prompt engineering

Ukrainian charity wants to raise 1.3 million for cyber offence

I guess they want to buy an exploit?

Ukraine's largest charity wants to raise $1.3 million for ‘cyber offensive’

Ukraine's largest charitable foundation, Come Back Alive, has launched a fundraiser to support the country's cyber offensive against Russia.

Building Browser Extensions

Let's build a Chrome extension that steals everything

Manifest v3 may have taken some of the juice out of browser extensions, but I think there is still plenty left in the tank. To prove it, let’s build a Chrome extension that steals as much data as possible. I’m talking kitchen sink, whole enchilada, Grinch-plundering-Whoville levels of data theft…

2 months ago · 14 likes · 5 comments · Matt Frisbie

Andrew Dwyer @DrAndrewDwyer

In this paper, published in #areajournal, I examine the (geo)political relationship between malware authors, computer materials, and their ecologies. These produce 'grammars' shaping computational agency prior to, and including, cyber operations and the algorithmic.

RGS-IBG Higher Ed @RGS_IBGhe

3/ The first paper in the special section is #openaccess: ‘Cybersecurity’s Grammars: A More-than-Human Geopolitics of Computation’ by @DrAndrewDwyer (@GeogDurham) #areajournal : https://t.co/DNCXhNYjhv https://t.co/q4VtIly3SD

When someone shits on the floor this thing is going to smear it everywhere then track it through the building.

Danny Thompson @DThompsonDev

Robot cleaning bathrooms! Another job that goes to automation.

Looks like the inventor has been working on this for over 5 years!

thomas violence @thomas_violence

people talk a lot of shit about him but i think its amazing jar jar is doing this

Lawrence Freedman @LawDavF

Anybody who thinks Seymour Hersh might be onto something with his explanation for the Nord Stream pipeline explosions should read this extraordinarily thorough and forensic demolition job by @OAlexanderDK https://t.co/FuUSFbrzlh

Oliver Alexander @OAlexanderDK

The Seymour Hersh debunk has been updated with debunks of Norway’s claimed financial incentives, information on past BALTOPS mine detection and clearance exercises and my email correspondence with Seymour Hersh.

https://t.co/Yf5oqZYiHx

Electrospaces @electrospaces

Former Danish defense minister Claus Hjort Frederiksen has been charged with revealing state secrets, allegedly by admitting that Danish intelligence cooperates with the NSA in a cable tapping operation:

dailymail.co.ukDanish former minister charged with revealing state secretsCOPENHAGEN, Denmark (AP) - A Danish former defense minister who had publicly claimed that Denmark’s secret service helped U.S. intelligence spy on several...

Electrospaces @electrospaces

More about this highly remarkable Danish intelligence crisis can be found here:

electrospaces.netHead of Danish military intelligence arrested but independent inquiry finds no wrongdoingA weblog about Signals Intelligence, Communications Security and top level telecommunications equipment

prayingforexits 🏴‍☠️ @mrexits

A 1.5 meter (4.9ft) sphere appeared today at Enshuhama Beach in Hamamatsu, Japan.

Police have surrounded the area and cordoned off a perimeter of 200 meters until they determine what the object is.

What the hell do we think this is?

Japanese Officials Investigate Mysterious Sphere That Washed Up on Beach

Officials blocked off a 200-meter radius to investigate the sphere, which closely resembles a metal buoy, but have not determined what it is.

GitHub - horizon3ai/CVE-2022-39952: POC for CVE-2022-39952

POC for CVE-2022-39952. Contribute to horizon3ai/CVE-2022-39952 development by creating an account on GitHub.

Daniel Cuthbert @dcuthbert

Bugs happen Bugs are a pain Bugs can be prevented

CVE-2022-39952 is a fascinating bug that sheds light into the rather frustrating world of enterprise security products and a lack of robust engineering approaches.

Daniel Cuthbert @dcuthbert

The issue is within the keyUpload scriptlet, keyUpload.jsp.

cool cool, no auth request comes in and it parses to look for a file in the key parameter, and if found, bish bash bosh it writes it to /bsc/campusMgr/config.applianceKey.

ok so far(ish)...