July 16, 2024
July 16, 2024
Exclusive: Kaspersky Lab is closing its US division and laying off all workers associated with it. The move follows the US Commerce Department's decision last month to ban the sale of Kaspersky software in US starting July 20. https://t.co/018tDqdi77
โ Kim Zetter (@KimZetter) July 15, 2024
Reminder: there is a Winamp Skin Museum where you can see 80,000 archived Winamp skins (and use them). There was an era of Y2k hyper-maximalist design, before Apple mandated minimalism in everything. UI design had a lot more room for self-expression. It's art. pic.twitter.com/XZv2PwqhbA
โ Maung Thuta (@CypressDahlia) July 14, 2024
New from 404 Media: Inside the Face Fraud Factory. How are some criminals bypassing selfie verification checks? By buying videos of real people turning their heads left and right. Rare insight into a part of fraud: the people who give up their faces https://t.co/3vjw2EOupi
โ Joseph Cox (@josephfcox) July 15, 2024
Born to be an italian mobster, forced to be the chairman of the USSR https://t.co/alAX8ZMfSp
โ postmaster harper ๐ฃ๐ฅ๐ฎ๐ดโโ ๏ธ (@harperposting) July 14, 2024
The amount of superstition involved in prompting LLMs is quite fantastic
โ Simon Willison (@simonw) July 15, 2024
That "you are an expert in field X..." trick? Likely a complete waste of time since late 2022 https://t.co/y9kBiApOfq
๐จ Role Prompting doesn't work...
โ Learn Prompting (@learnprompting) July 14, 2024
Our team at @learnprompting led a year-long study with co-authors from @OpenAI & @Microsoft, analyzing over 1,500 prompting papers. We narrowed it down to 58 different prompting techniques and we analyzed every one.
Here's what we found...
๐ซ Role Prompting was shockingly ineffective. Here's why:
โ Learn Prompting (@learnprompting) July 14, 2024
For older models, it seems they could access improved responses/reasoning by being moved by the prompt into a better parameter space. However, newer models are likely already in that improved parameter space.*
*This is a healthy bit of speculation!
โ Learn Prompting (@learnprompting) July 14, 2024
This was a big surprise! Back in October 2022, when we released the first-ever guide on Prompting pre-ChatGPT, Role Prompting was all the rage and a core technique we recommended for better ChatGPT results.
(Rest of the thread is marketing pitch)
*This is a healthy bit of speculation!
โ Learn Prompting (@learnprompting) July 14, 2024
This was a big surprise! Back in October 2022, when we released the first-ever guide on Prompting pre-ChatGPT, Role Prompting was all the rage and a core technique we recommended for better ChatGPT results.
GPT4o Captcha Bypass, CLI tool for testing various types of captchas including puzzle, text, complicated text, and reCAPTCHA using Python and Selenium. The tool also uses OpenAI GPT-4 to help solve the captchas. https://t.co/WhjkhZxHvE
โ Nicolas Krassas (@Dinosn) July 15, 2024
Large Models of What? Mistaking Engineering Achievements for Human Linguistic Agency https://t.co/5Y8wdIRtEc
โ Abeba Birhane (@Abebab) July 15, 2024
New paper with Marek McGann pic.twitter.com/uOVXOYiECs
[2407.08790] Large Models of What? Mistaking Engineering Achievements for Human Linguistic Agency
In this paper we argue that key, often sensational and misleading, claims regarding linguistic capabilities of Large Language Models (LLMs) are based on at least two unfounded assumptions; the assumption of language completeness and the assumption of data completeness. Language completeness assumes that a distinct and complete thing such as `a natural language' exists, the essential characteristics of which can be effectively and comprehensively modelled by an LLM. The assumption of data complet...
This is what I mean when I say working with MSRC is degrading. They want everything: write up, stack traces, PoC, exploit source, analysis, life advice, approval on anything you will ever publish. In return they will patch your bug whenever they feel like it and not tell you https://t.co/RpV0FirhGD
โ chompie (@chompie1337) July 15, 2024
Zero Day Initiative โ Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
On patch Tuesday last week, Microsoft released an update for CVE-2024-38112 , which they said was being exploited in the wild. We at the Trend Micro Zero Day Initiative (ZDI) agree with them because thatโs what we told them back in May when we detected this exploit in the wild and reported it to Mi
The process is the punishment.
โ JD Work (@HostileSpectrum) July 16, 2024
Another banger from retr0id "Jailbreaking RabbitOS (The Hard Way)".
โ Battle Programmer Yuu (@netspooky) July 16, 2024
It's got everything: secureboot bypasses, an Android bootkit, a tethered USB jailbreak over WebSerial, GPL violations, and highly questionable logging practices.
A very fun read !!https://t.co/xRWdAeAOv2 pic.twitter.com/qe2bjgcCEH
We've seen a lot of people discussing the Disney compromise. Let's talk about it.
โ vx-underground (@vxunderground) July 15, 2024
tl;dr prolly data stealer, not insider threat, leak is real but not going to destroy walt disney
First, the individual(s) who take credit for the compromise allege they had help from an insider.โฆ
NEW: Most online services (email, social media...) have mechanisms and tools for you to check if your account has been hacked and accessed by someone who shouldn't have.
โ Lorenzo Franceschi-Bicchierai (@lorenzofb) July 15, 2024
We wrote a guide on how to do that on Gmail, Outlook, Facebook/Instagram, X, etc. https://t.co/K06I0FhbxN
APKscan: Scan for secrets, endpoints, and other sensitive data in Android files https://t.co/443UiTX693
โ Nicolas Krassas (@Dinosn) July 15, 2024
My @reconmtl talk slides "The Art of Malware C2 Scanning - How to Reverse and Emulate Protocol Obfuscated byย Compiler" are available online. https://t.co/F6GjGC3LB2
โ Takahiro Haruyama (@cci_forensics) July 1, 2024
Reversing and rewriting classic GameSpy game support for classic PvP goodness: https://t.co/ANoocE5eHg
โ ringzerรธ.training && @ringzer0@infosec.exchange (@_ringzer0) July 16, 2024
Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion https://t.co/9MFY3sshwA #cybersecurity #infosec
โ Matthias Schulze (@perceptic0n) July 15, 2024
Lurking the r/generator subreddit recently I learned something interesting about the situation in Texas. Quite reasonably a lot of people in the Houston area have decided to get generators installed, since there have been recent major power outages both in summer and winter...
โ Pinboard (@Pinboard) July 16, 2024
