Jan 31, 2023

                            January 31, 2023

                Jan 31, 2023

SH1MMER53 is an exploit capable of completely unenrolling enterprise-managed Chromebooks.
https://sh1mmer.me
-
Yandex ‘leak’ reveals 1,922 search ranking factors
Martin MacDonald 🏴󠁧󠁢󠁳󠁣󠁴󠁿🇪🇸🇺🇸🇧🇧 @searchmartin
The Yandex hack is probably the most interesting thing to have happened in SEO in years.4:07 PM ∙ Jan 27, 2023
183Likes18Retweets
reviewing this document may provide some useful insights to better help you understand how search engines, such as Google, work from a technological standpoint.  
Alex Buraks @alex_buraks
You probably heard about Yandex, it’s the 4th biggest search engine by market share worldwide. Yesterday proprietary source code of Yandex was leaked. 

The most interesting part for SEO community is: the list of all 1922 ranking factors used in the search algorithm 

[🧵THREAD] 
3:03 PM ∙ Jan 27, 2023
5,198Likes1,454Retweets
Alex Buraks @alex_buraks
Leaked Yandex ranking factors analysis part 2, let's go.

[🧵THREAD]4:24 PM ∙ Jan 28, 2023
1,265Likes314Retweets
Mic King @iPullRankAight y'all.

Let's get started with this Yandex thing. 

First thing, I want to give props and a shout out to @benwills who was the first to tell me about the leak and did a lot of initial leg work to make sense of where things live. He's the real MVP.8:18 PM ∙ Jan 27, 2023
341Likes84Retweets

https://searchengineland.com/yandex-search-ranking-factors-leak-392323

Analysis on how search at Yandex is done 

https://russiansearchnews.com/articles/yandex-data-leak-what-weve-learned-about-the-search-algorithms/

-
Subscribe now
-
EU has some genius ideas about mandating that software be secure. It is gonna kill open source if they don’t change it.

https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/

-
My Year Of Dicks (2022) 
-
Sal Mercogliano (WGOW Shipping) 🚢⚓🐪🚒🏴‍☠️ @mercoglianos
Spain Seizes Cocaine Worth $114 Million From Livestock Ship

Man...those cows know how to party!  

gcaptain.comSpain Seizes Cocaine Worth $114 Million From Livestock ShipMADRID, Jan 28 (Reuters) – Spanish police seized 4.5 tonnes of cocaine with an estimated street value of 105 million euros ($114 million) after raiding a cattle ship off the Canary Islands...3:18 PM ∙ Jan 30, 2023
104Likes16Retweets-
Runa:
I looked at a bunch of court records to learn more about how police in the U.S. use digital data to prosecute abortions. Here’s what I found.

https://techcrunch.com/2023/01/27/digital-data-roe-wade-reproductive-privacy/

https://mastodon.social/@runasand/109763026717020372

-
A paralegal has been going after the AI-lawyer company “DoNotPay.” She is destroying them, and the CEO is looking worse and worse the longer it goes on. It’s glorious!
Kathryn Tewson @KathrynTewson
Alternate Title: Empirically Determining the Inflection Point between Fucking Around and Finding Out 
Courtney Milan 🦖 @courtneymilan
A story, in five acts, about why you should not try and pull public, shady stuff and then get lawyers to pay attention to you.2:33 AM ∙ Jan 31, 2023
427Likes70Retweets
Kathryn Tewson @KathrynTewsonSo, I thought maybe I should give it a fair shake -- after all, I'm mostly arguing with what my idea of a "legal AI" is, right? So I signed up for an account at donotpay.com and took the service for a little whirl.
donotpay.comSave Time and Money with DoNotPay!Continue surfing free trials, beating parking tickets, suing robocallers for cash, and more.4:10 PM ∙ Jan 24, 2023
287Likes36Retweets
Kathryn Tewson @KathrynTewson
Let me be clear: this is a terrible demand letter. Absolutely terrible. Useless or worse than useless -- if an actual attorney saw this, she would instantly know that the sender was unsophisticated, unrepresented, and gullible af.5:18 PM ∙ Jan 24, 2023
435Likes26Retweets
Kathryn Tewson @KathrynTewson
Update: I have been in contact with RIP Medical Debt, and they have confirmed that the donation with the receipt number on the receipt Josh provided was made yesterday, January 29th, at 12:36 AM EST. (I am in PST which is why my timestamp says Jan. 28th at 9:53 PM.)  
Kathryn Tewson @KathrynTewson
I have no reason to believe that Josh faked his donation to RIP Medical Debt. But based on this? I don't think he did it on December 2, 2022.10:04 PM ∙ Jan 30, 2023
737Likes103Retweets
Kathryn Tewson @KathrynTewson
Holy crap -- @Amyrhymeswith spotted the time stamps. Josh, you made this donation *four minutes* after I called you out? 
Kathryn Tewson @KathrynTewson
Joshua Browder, CEO of @DoNotPay (the company that is scrambling in every available direction to keep me from investigating how genuine its claims of using AI are), has a history of trying to power-wash his image and gain a little clout. https://t.co/gW7fhm1kdG10:24 PM ∙ Jan 30, 2023
412Likes27Retweets
-
Lukasz Olejnik (@LukaszOlejnik@Mastodon.Social) @lukOlejnikWith a tiny single change, GitHub immediately, threw a large part of the software ecosystems into space. Package managers, applications, all sorts of things down. Slight change and it's gone. It's all so fragile! GitHub is a critical global infrastructure. github.blog/changelog/2023… 
6:24 AM ∙ Jan 31, 2023
57Likes30Retweets
-
heems @HIMANSHU
At 23 I made the song Combination Pizza Hut and Taco Bell. https://t.co/iUVWW15wbf
Culture Critic @Cult_Crit
A 23 year old sculpted this.

What's your excuse? https://t.co/yc24hOiGtq3:14 PM ∙ Jan 30, 2023
11,282Likes1,012Retweets-
Let’s continue our tour of my public @github@infosec.exchange projects. 

https://github.com/0xdea/tactical-exploitation

Even though I’m a prolific #exploit #developer, I’ve always been a big proponent of a tactical approach to #pentesting and #redteaming that does not focus on exploiting known software vulnerabilities, but relies on #oldschool techniques such as information gathering and brute force.
While being able to appreciate the occasional usefulness of a well-timed #0day, as a veteran penetration tester I favor an exploit-less approach. #Tactical #exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.
Sooner or later I’ll present my talk on this subject: “Empty Phist Style - Hacking Without Tooling” (h/t @thegrugq@infosec.exchange for the title) 🤘

https://infosec.exchange/@raptor/109783172507630600

-
JP Aumasson @veorq
guess we'll stick to the English term 
2:51 PM ∙ Jan 30, 2023
148Likes20Retweets
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: