Jan 23, 2023

                            January 23, 2023

                Jan 23, 2023

Matthijs R. Koot @mrkootSurveillance Technologies Are Imbedded into the Fabric of Modern Life - The IC Must Respond (Jan 2023)  mitre.org/news-insights/… 👏

Re: collection of identities, locations, & connections by ad tech: e.g. SDKs, APIs, apps, UAs, device fingerprinting. 

By @KirstenHazelrig / MITRE. 
6:36 PM ∙ Jan 22, 2023
19Likes11Retweets
-
Dmitri Alperovitch @DAlperovitchNew @SilveradoPolicy 40+ page research report is out where we dive into detailed data on Russian trade imports to determine how Russia is working around Western sanctions and export controls

Key findings: 🧵

silverado.org/news/report-ru… 
5:11 AM ∙ Jan 23, 2023
560Likes225Retweets
-
Matthijs R. Koot @mrkootNSA IPv6 Security Guidance (.pdf, Jan 2023) media.defense.gov/2023/Jan/18/20…

- deny by default, allow only authorized IPv6 src
- DHCPv6 or RFC 4941 (SLAAC leaks MAC)
- dual stack: ensure IPv6 >= IPv4 security
- RA Guard, DHCPv6 Shield
- split DNS for AAAA
- no tunnels
- no NAT64, 464XLAT 
7:26 AM ∙ Jan 23, 2023
46Likes16Retweets
-
pourmecoffee @pourmecoffeeYesss, expose this fraud.

"Girl asks police to run DNA test on Christmas cookie for evidence of Santa Claus" npr.org/2023/01/22/115… 
1:56 AM ∙ Jan 23, 2023
93Likes19Retweets-
Hostile takeover: Kraken hacks rival darknet market Solaris. At stake is the shar of a market that can add up to billions of dollars for whichever platform is able to facilitate the flow of everything from illegal drugs and malware to fake ID and stolen payment card data. 

https://www.databreachtoday.com/hostile-takeover-kraken-hacks-rival-darknet-market-solaris-a-20986

https://infosec.exchange/@euroinfosec/109737863350779155

-
The Devil is a Part-Timer @AllegedKurd
5:10 AM ∙ Jan 23, 2023
792Likes159Retweets
Discussed a bit more in depth previously:
The Info Op
Spying through gaming
Read more
3 months ago · 6 likes · 1 comment · the grugq
-
Dr. Dan Lomas @Sandbagger_01"The closure came after planning documents were published by bumbling council bureaucrats that revealed in detail a series of costly, new additions to the building".
 dailymail.co.uk/news/article-1… via @MailOnline
dailymail.co.ukMI6 shuts down a spy school after site floor plans were revealedThe discreet central London training centre had been used for many years to teach agents spycraft and self-defence (pictured: SIS headquarters in Vauxhall, London).8:19 AM ∙ Jan 22, 2023
66Likes23Retweets
-
Justin Elze @HackingLZ
@vxunderground So basically subscribe to T-Mobile and get free credit monitoring for life?1:36 AM ∙ Jan 20, 2023
105Likes7Retweets
-
David Kanter @TheKanter
This chart explains exactly why the Darwin Awards are a thing… 
3:14 AM ∙ Jan 23, 2023
13Likes1Retweet
-
raptor@infosec.exchange @0xdea
#Exploiting null-dereferences in the #Linux #kernel

// by Project Zero

googleprojectzero.blogspot.com/2023/01/exploi… 
7:22 AM ∙ Jan 23, 2023
10Likes2Retweets
-
dade @0xdadeLol. "0days"... 

Here's a post from 2015 about messages being unencrypted on signal desktop. 

github.com/signalapp/Sign… 
John Jackson @johnjhacking
1/Just found a couple of 0days in Signal. Very similar to the Keybase ones that were disclosed in the past. Check it out, unpatched. In the first photo, I send a photo attachment in a signal chat, with "this will be my PoC". https://t.co/K7DWDOFmu3
6:25 PM ∙ Jan 22, 2023
65Likes13Retweets
-
@jiska@chaos.social @naehrdineThe iOS and macOS stock kernel can create debug messages, allowing the root user to observe which functions are called in the kernel. How can you record kernel debug messages & map trace codes to the actual functions called?
#reversingshorts
youtu.be/0B9M0qolfxg 
2:24 PM ∙ Jan 22, 2023
165Likes29Retweets
-
Thomas Rid @RidT
Last week I was a student for five days, five hours per day—with ChatGPT fully integrated into teaching. Here's what we learned, just in time for Spring Term (which starts tomorrow. Class was Malware Analysis, taught by @juanandres_gs @alperovitch)  alperovitch.sais.jhu.eduFive Days in Class with ChatGPT – The Alperovitch Institute2:33 AM ∙ Jan 23, 2023
175Likes49Retweets
-
JP @jpbrammer
top left can get me CIA classified documents in minutes 
dounbug @d0unbugpov: you're hiring an engineer but the only thing that's revealed to you during the interview process is what their setup looks like.

who u choosing & why https://t.co/h8JTiMeQps2:10 PM ∙ Jan 22, 2023
9,596Likes1,030Retweets
dounbug @d0unbug
pov: you're hiring an engineer but the only thing that's revealed to you during the interview process is what their setup looks like.

who u choosing & why 
3:41 AM ∙ Jan 17, 2023
5,395Likes378Retweets
-
raptor@infosec.exchange @0xdeaOpenOffice won't print on Tuesday 😱 

bugs.launchpad.net/ubuntu/+source…
bugs.launchpad.netComment #28 : Bug #255161 : Bugs : cupsys package : UbuntuWhat a fascinating bug!! My wife has complained that open office will never print on Tuesdays!?! Then she demonstrated it. Sure enough, won’t print on Tuesday. Other applications print. I think this is the same bug. Here is my guess: Print to a postscript file. Observe the line: %%CreationD…7:26 AM ∙ Jan 23, 2023
20Likes5Retweets

                            Don't miss what's next. Subscribe to the grugq's newsletter: