May 4, 2022

You want to watch a great discussion on cyber warfare. You want to watch Danny Moore talk about his upcoming book.

A Ukrainian family lived in a basement for three weeks with Russian soldiers.

Lessons From Russia's Occupation of a Ukrainian Village - The Atlantic

One family’s experience of Russia’s invasion offers a path to the end of the war.

Timely indeed.

Riana Pfefferkorn @Riana_Crypto

My latest piece for @BrookingsInst Techstream is up - unintentionally extra timely today. Expanding the availability of E2EE services will be crucial in America’s post-Roe reality.

brookings.eduAn urgent task awaiting Elon Musk at Twitter: Encrypting direct messagesA recent ruling from the Ninth Circuit Court of Appeals makes improving messaging security more urgent than ever.

Cyber is everywhere in everything.

Eva @evacide

If you are in the United States and you are using a period tracking app, today is good day to delete it before you create a trove of data that will be used to prosecute you if you ever choose to have an abortion.

consumerreports.orgWhat Your Period Tracker App Knows About YouAs period tracker apps grow in popularity, so do concerns about what happens to the very personal information they share. Consumer Reports explains how to stay safe.

Johannes Ullrich 🌐 @johullrich

Next time you have that great idea to solve cyber security: Run it past a person whose only computing device is an off-brand Android phone with a shattered screen. Don't know such a person? Your idea probably sucks.

Cool story, boomer.

𝙏𝙤𝙢 𝙇𝙮𝙤𝙣 - @aka_pugs

40 years ago today: I joined a tiny startup called Sun Microsystems. What a ride! Here's the never-before-told story of how I arrived at Sun as employee #8! 🧵

【 𝙗𝙚𝙣】░░ @sddp___

aint no fuckin way

Fascinating!

Alberto Acerbi @acerbialberto

Interesting finding! People are not passively fed misinformation by social media, but they search actively for it! When Facebook down, search for misinformation increases in Google.

Matt Motta @matt_motta

NEW WP from J. Hwang, @decustecu, and I.

We show that, consistent with the idea that some FB users express a latent demand for misinformation consumption, a naturally-occurring Facebook outage "transferred" search for misinformation to Google.

https://t.co/1ujMTWRRUu https://t.co/rlxRtLl7qt

What is happening in cyber policy now?

What Does the 2022 NDS Fact Sheet Imply for the Forthcoming Cyber Strategy? - Lawfare

Crazy deception

tom @tom_bullock_

seems like this trench, which the Russians struck with artillery, was manned by Ukrainian mannequins. I recall seeing a close up of similar dummies being used by the Ukrainians, will post it below if I find it

Amusing anecdotes

Tim Mak @timkmak

Civilians were donating ANYTHING that might help with Ukrainian efforts to volunteer centers.

Someone donated 100s of mannequins, suggesting they could be used as decoys in the field.

Another person donated a hundred packs of underwear, insisting it would be useful…

Lots of interesting papers out there. This is one of them

https://psycnet.apa.org/record/2013-42900-004

Joseph Fahmy @jfahmy

They should change the name from NFTs to GIF Certificates.

Steven Russolillo @srussolillo

THE DEATH OF NFTs...

One buyer purchased a Snoop Dog curated NFT in early April for about $32,000 worth of the cryptocurrency ether. It's now up for auction, with an asking price of $25.5 million.

The highest current bid is for 0.0743 ether—about $210.

https://t.co/dg54XYijxh

Seems like a great plan

Matthew Levitt @Levitt_Matt

CIA instructs Russians how to contact the spy agency

washingtonpost.comCIA instructs Russians on how to share secrets with the spy agencyThe CIA published instructions for how Russians disaffected by the Ukraine war can covertly volunteer information using an encrypted conduit to the agency’s website.

The crazy world of Sanctioned Russia.

Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies.

Russia to Rent Tech-Savvy Prisoners to Corporate IT? – Krebs on Security

People might want to say a thing or two about political issues, and they should be safe while doing so.

Digital privacy and security measures for staying safe while protesting « Adafruit Industries – Makers, hackers, artists, designers and engineers!

(Guide published June 5, 2020 – be sure to check for updates and/or new information. Resource for the Adafruit teams and publicly posted, by Violet Blue) Digital privacy and security measures…

On that topic, here’s a cool line of research, but note my caveats. Generally for important security things you want to fail close. So pick something simple and dumb that can’t fail open. Stupid proof your security. The UK redacts documents with three asterisks (*) rather than the US style of using black bars over the text. The US method leaks some information, and the UK leaks none. (Not always used, of course, but generally speaking those are the two nations approaches.)

thaddeus e. grugq 🌻 @thegrugq

This is an interesting project. However, secure redaction is placing a solid shape (eg black bar) over identifying features. 1) this project leaves the face identifiable by human 2) is based on algorithms at a point in time. Adversarial research could invalidate it

Very cool tho https://t.co/fIdWkWG2vM

Lucas Atkins @0xChain

@violetblue @thegrugq Additional OpSec measure: if you taking photos from the protest make facial recognition nulled before sharing to social media using the software Fawkes

https://t.co/KkKBsUQoLj

Here’s an example of the police defeating a specific method of obscuring features.

ρhαετhøṉ @PhaethonTweets

@thegrugq @0xChain Timely reminder of the case of Mr Swirl... bbc.in/37Y8Tr5 @violetblue

PS worth noting that the way to defeat this method (as I recall) is to open the JPEG in Photoshop, place the centre of the “swirl” tool on the swirl, and then just reverse it.

There’s a pandemic on.