March 7, 2023

                            March 7, 2023

                March 7, 2023

Dom Sec 👾 @DomSecRocks
@IanColdwater I curated an list from my past experience that included all the best videos. I recommend A-Z of B & E from the late eighties! 

github.comGitHub - dom-sec/awesome-physec: Repository containing useful links for all things Physical Security. Please contribute!Repository containing useful links for all things Physical Security. Please contribute! - GitHub - dom-sec/awesome-physec: Repository containing useful links for all things Physical Security. Pleas...1:37 PM ∙ Mar 6, 2023
8Likes2Retweets
-
Thuan Pham @thuanpv_
A big shout out to all the organizers for making this happen! Keeping my fingers crossed for all fuzzers including AFLSmart++, which is my extension of #aflsmart. I hope it will outperform its original version to achieve my design goals. Regarding its final ranking, who knows? ;) 
DonggeLiu @Alan32LiuWe are witnessing a battle. 
The battle is between 8 new fuzzers from #SBFT23 and 4 well-known ones.
Its battlefield is 55 benchmarks wide, involving 15 bug-based and 40 coverage-based targets. It will be a hard fight, as all fuzzers were only trained on half of the benchmarks.12:13 AM ∙ Mar 7, 2023
6Likes2Retweets
-
Dave Aitel @daveaitel
Hats off to the forward thinking hackers posting tons of broken code in lots of different places for LLMs to parse and remember as suggestions years from now.2:35 AM ∙ Mar 7, 2023
59Likes10Retweets
-
Adam Cerious @Browtweaten
the us will use literally anything but the metric system 
10:00 PM ∙ Mar 5, 2023
5,611Likes528Retweets
-
catastrophic failure (Kristi’s alt) @ohshidt
“Occurred on November 4, 2022 / Manchester, Ohio, USA We had contracted a demolition company to set off explosives on a controlled demolition. The contract was only to control blast 4 towers but as the 4th tower started to fall it switched directions and took out the scrub tower” 
11:21 PM ∙ Dec 11, 2022
6,178Likes477Retweets
-
yasmin @ycsm1n
lol 
4:09 AM ∙ Mar 5, 2023
165,835Likes14,119Retweets
-
Matt Fagala @MattFagala
This sounds like a hackers dream.  I can think of several scenarios these features could be used maliciously. @0xcharlie is probably thinking, challenge accepted. #Vulnerability #hacking #cybersecurity #infosec 
TheBlaze @theblaze
New Ford patent would lock out owners for missed payments, allow cars to be repossessed remotely https://t.co/0FRajXfETM11:15 PM ∙ Mar 6, 2023
13Likes10Retweets
-
Runa Sandvik @runasand
Introducing "Untidy," a newsletter where I make sense of big claims about cybersecurity. First up, a look at Jonathan Scott's report on spyware in Morocco. untidy.substack.comFact Check: Jonathan Scott’s report on MoroccoOn February 18, Jonathan Scott published a report that he says disproves years of research by Amnesty International and Citizen Lab into use of sophisticated spyware in and/or by Morocco to target activists, journalists, politicians, and others. A week later, Scott spoke at an in-person hearing in M…9:24 PM ∙ Mar 6, 2023
67Likes31Retweets
-
Twitter Support @TwitterSupport
Some parts of Twitter may not be working as expected right now. We made an internal change that had some unintended consequences. We’re working on this now and will share an update when it’s fixed.5:19 PM ∙ Mar 6, 2023
12,683Likes5,371Retweets
Dictionary.com @Dictionarycom
@TwitterSupport Apropos of nothing, we recently added the word “hellscape” to the dictionary. dictionary.comDefinition of hellscape | Dictionary.comHellscape definition, a bleak landscape or one that resembles hell: a post-apocalyptic hellscape. See more.5:32 PM ∙ Mar 6, 2023
3,261Likes918Retweets
-
Greg Linares (Mantis) @Laughing_Mantis
TIL Building entry devices to allow emergency response crews to access buildings during a fire or similar conditions have Bluetooth support .
🤨🧐 
8:20 PM ∙ Mar 6, 2023
56Likes12Retweets
Greg Linares (Mantis) @Laughing_Mantis
Lol what's better is apparently this box holds a key fob to access the building.

However the box doesn't prevent me reading the keyfob stored inside it.

Just took a flipper zero around the box and was able to get the fob to be read.

💀💀💀💀 
Greg Linares (Mantis) @Laughing_MantisTIL Building entry devices to allow emergency response crews to access buildings during a fire or similar conditions have Bluetooth support .
🤨🧐 https://t.co/zp1fWawGnB10:23 PM ∙ Mar 6, 2023
55Likes14Retweets
-
Dr. Dan Lomas @Sandbagger_01
cbsnews.comChina dismisses reported U.S. concern over spying cargo cranes as “overly paranoid”As a new fear over possible Chinese intel-gathering on U.S. soil emerges, U.S. business leaders in Beijing watch the People’s Congress for clues about the year ahead.6:49 AM ∙ Mar 7, 2023
6Likes1Retweet
-
Chris Wysopal @WeldPondAtlantic Council had a group of experts mark up the new 2023 US National Cybersecurity Strategy. The group included: Maia Hamin, Trey Herr, Danielle Jablanski, @webjedi @loomisoncyber @thedarktangent @likethecoins @marcwrogers   Stewart Scott & @WeldPond 

atlanticcouncil.orgHow will the US counter cyber threats? Our experts mark up the National Cybersecurity StrategyOn March 2, the White House released the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary on the document and its relationship with larger cybersecurity policy issues.1:55 PM ∙ Mar 6, 2023
7Likes6Retweets-
I love crypto research that demonstrates practical attacks. The paper `A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithm` by Nicky Mouha and Christopher Celi demonstrates RCE (!) through controlled memory corruption in the final-round update of the Keccak code used by SHA-3. This implementation bug affected Python, PHP, and the SHA-3 Ruby package: https://eprint.iacr.org/2023/331
Bonus points for dropping a Metasploit reverse TCP payload!

https://infosec.exchange/@hdm/109979752192232352

-
Dr. Dan Lomas @Sandbagger_01
apnews.comUS sees China propaganda efforts becoming more like Russia’sWASHINGTON (AP) — China has long been seen by the U.S. as a prolific source of anti-American propaganda but less aggressive in its influence operations than Russia, which has used cyberattacks and covert operations to disrupt U.S.8:14 AM ∙ Mar 7, 2023
5Likes1Retweet
-
Pinboard @Pinboard
Something deeply satisfying about the inverted pyramid of one engineer running a Twitter feature and half a dozen Twitter-addicted journalists waiting for the site to come back up to promote thinkpieces about it. 
Casey Newton @CaseyNewton
NEW: Twitter went down today because its migration to a paid API has a single site reliability engineer attached to it. Here’s @ZoeSchiffer and me on the high price of cutting costs:

https://t.co/yjAHeVkgYl https://t.co/6QVURpHagc
12:05 AM ∙ Mar 7, 2023
85Likes19Retweets
-
Ryan Baumann / @ryanfb@botsin.space / ryanfb.xyz @ryanfb
well I for one just went on an etymological adventure  
Anne Thériault @anne_theriaultYour guide: and if you look up there, you’ll see a gargoyle
12yo, quietly, to me: that’s not a gargoyle, that’s a grotesque. A gargoyle has a water spout coming out of mouth. What most people call gargoyles are actually grotesques 

I dread the day my child joins Twitter3:33 PM ∙ Mar 6, 2023
76Likes17Retweets-
Jan Lemnitzer @JanLemnitzer
German government plans to ban the use of Huawei and ZTE components in the 5G network since dependency on these 'unwelcome' producers poses incalculable risks. Already installed parts are to be ripped out and replaced. @thegrugq @ciaranmartinoxf
faz.net5G: Bundesregierung will Komponenten chinesischer Hersteller verbietenIn Großbritannien und den USA wurden chinesische Hersteller wie Huawei und ZTE aus dem 5G-Netzausbau verbannt. Die Bundesregierung scheint folgen zu wollen. Auch bereits verbaute Teile könnten betroffen sein.9:54 AM ∙ Mar 7, 2023
6Likes9Retweets
-
The city of Rotterdam used an " AI " algorithm to flag people for possible social fraud. Wired et al figured out how this algorithm mostly flagged the most vulnerable people: young single moms with a low income and only basic knowledge of Dutch.

https://www.wired.com/story/welfare-state-algorithms/

https://mstdn.social/@JorisMeys/109976797433224542

-

                            Don't miss what's next. Subscribe to the grugq's newsletter: