June 7, 2022

Probably the big article of the day, this one on CIA hacking.

The Surreal Case of a C.I.A. Hacker’s Revenge | The New Yorker

A hot-headed coder is accused of exposing the agency’s hacking arsenal. Did he betray his country because he was pissed off at his colleagues?

James Palmer @BeijingPalmer

a great piece, and also a good lesson in how CIA actually works - personalized, bureaucratic, and often deeply weird.

Patrick Radden Keefe @praddenkeefe

This is one of the wildest stories I've ever written, about a combustible CIA hacker, Josh Schulte, who tangled with colleagues & kept escalating the conflict. Now he stands accused of the ultimate payback: the biggest leak in CIA history.

Meet King Josh https://t.co/aAj1s3lzr3

-

Dmitry Vyukov @dvyukov

Fun #Linux kernel security project: take every new kernel CVE and make syzkaller fuzzer retroactively find it. Over time it may have significant cumulative effect. Bugs tend to cluster.

Open Source Security @oss_security

CVE-2022-1972: out-of-bound write in Linux netfilter subsystem leads to local privilege escalation: Posted by 张子明(明程) on Jun 02Hello,

An out-of-bound write vulnerability was identified within the netfilter subsystem which can be exploited to… https://t.co/lLqUCOykeo

-

badidea 🪐 @0xabad1dea

just watched the AI generate an image that very clearly had the Shutterstock watermark on it and evolve it out over a few iterations, in case you're wondering about the legal circumstances of the training set

-

Maz Jovanovich @maz_jovanovich

Happy birthday to the greatest piece of staff work ever written.

-

Ryan Mac 🙃 @RMac18

Indianapolis woman allegedly tracks partner she suspects of cheating with an Apple AirTag. Finds him at a bar with another woman. Confronts him. Then apparently runs over him with a car multiple times, killing him.

indystar.comAirTag, accusation and argument end in murder charge after man run over outside Tilly’sPolice found 26-year-old Andre Smith underneath a vehicle in the parking lot. The coroner’s office determined he was intentionally struck.

-

Stacy Mitchell @stacyfmitchell

Last week, an Amazon VP took to an Amazon-run forum for sellers to urge them to contact their senators in opposition to Klobuchar’s self-preferencing bill, and thereby continue Amazon’s “amazing partnership” with sellers.

The responses from sellers are… pretty lively. 1/

-

Cool documentary on the D-Day deceptions.

-

Max Smeets on 0day markets. It.. is worth reading. I think the theory is probably correct, but the findings are more pessimistic than it merits.

I’ll have a post to discuss this specifically.

Max Smeets @Maxwsmeets

Here's my 2nd piece on the sale of zero-day exploits @lawfareblog. I explain why the zero-day market is extremely prone to market failure & why buyers are much more likely to buy local than is often realized:

lawfareblog.comHack Global, Buy Local: The Inefficiencies of the Zero-Day Exploit MarketWhy the market for zero-day exploits is less efficient and more local than you might think.

-

An important article.

Smartphones Blur the Line Between Civilian and Combatant | WIRED

In Ukraine, civilians are valiantly assisting the army via apps—and challenging a tenet of international law in the process.

-

Lukasz Olejnik @lukOlejnik

Russia about cyberattacks "USA...unleashed cyber aggression against Russia ... They use the 'Zelensky regime' and 'IT army' ...". 1st time RU warns of retaliation: "we do not recommend US to provoke Russia into retaliatory measures - a rebuff will follow"

ria.ruВ МИД России пообещали дать отпор кибератакам со стороны СШАУкраина при помощи США совершает кибератаки на критическую инфраструктуру РФ, если провокации продолжатся, ответ будет твердым и решительным, следует из... РИА Новости, 06.06.2022

-

Erika  @_AstroErika

If you blended all 7.88 billion ppl on Earth into a fine goo (density of a human=985 kg/m3, average human body mass=62 kg), you would end up with a sphere of human goo just under 1 km wide. This is a visualization of how that would look like in Central Park.

-

starlabs @starlabs_sg

We do not always have success in everything we do. We even missed out some CVE while trying to figure out how to dig deeper. But it's part of our process & we hope that our documentation here will be useful You can read about @PTDuy 's blog post out here:

starlabs.sgTrying To Exploit A Windows Kernel Arbitrary Read VulnerabilityIntroduction I recently discovered a very interesting kernel vulnerability that allows the reading of arbitrary kernel-mode address. Sadly, the vulnerability was patched in Windows 21H2 (OS Build 22000.675), and I am unsure of the CVE being assigned to it. In this short blog post, I will share my jo…

-

Great thread on how the US is losing Southeast Asia.

Blake Herzinger @BDHerzinger

There’s a lot of breathless commentary about this, but I think a lot of it is fairly overblown, or unfamiliar with our own history with Cambodia (to include our maritime cooperation).

washingtonpost.comChina secretly building PLA naval facility in Cambodia, Western officials sayThe establishment of a Chinese naval base in Cambodia — only its second such overseas outpost and its first in the strategically significant Indo-Pacific region — is part of Beijing’s strategy to build a network of military facilities around the world in support of its aspirations to become a true g…

-

Massive grain of salt on this, but… who knows?

adyingnobody @adyingnobody

dear crypto,

Read:

tl.gdTwitLonger — When you talk too much for TwitterTwitLonger is the easy way to post more than 140 characters to Twitter

https://www.twitlonger.com/show/n_1ss24a6

-

Igor Kossov @IgorKossov

My latest, a deeper look into the background, actions and psyche of the average Russian serviceman fighting in Ukraine.

kyivindependent.com/national/portr…

Don't miss what's next. Subscribe to the grugq's newsletter: