May 6, 2022

                May 6, 2022

            May 6, 2022

            Stan Account @tristandross
back in my day, money had pictures of apes on them and ape holders could use multiple slurp juices on a single ape! 'give me three apes for 1 astro ape and 3 slurps' you'd say, provided of course, you didn't get a common slurp at the mint eve-[my family turns off my life support] 
4:56 PM ∙ May 4, 2022
1,716Likes223Retweets

Cloud hacking tools, cool.
Red Sentry @redsentry_tech🚨Cloud Hacking Tools🚨

AWS - github.com/RhinoSecurityL…
GCP - github.com/RhinoSecurityL…
Azure - github.com/Azure/Stormspo…

Multi Cloud - github.com/nccgroup/Scout…
Multi Cloud - github.com/aquasecurity/c…

#bugbountytips #bugbounty #redteam #Pentesting  #PenTest #infosec #aws #gcp #Azure
github.comGitHub - aquasecurity/cloudsploit: Cloud Security Posture Management (CSPM)Cloud Security Posture Management (CSPM). Contribute to aquasecurity/cloudsploit development by creating an account on GitHub.2:41 PM ∙ May 5, 2022
683Likes304Retweets

Cyber war was calvinball first!
Adam Rawnsley @arawnsley
Your periodic reminder that national security law is a game of Calvinball invented as a jobs program for bored Ivy Leaguers who think they're too special for McKinsey Ken Dilanian @KenDilanianNBCFrom @ckubeNBC and me:

Current U.S. policy forbids the sharing of lethal targeting intelligence with Ukraine about Russian civilian and military leaders, two U.S. officials familiar with the matter told NBC News.  Can share intel about command and control, but not individuals.5:31 PM ∙ May 5, 2022
143Likes23Retweets 
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
Here’s some nightmare fuel. Exploiting ad tech to find women who’ve had abortions and collect the $10k Texas bounty at scale. As just one example…
Aram Zucker-Scharff @Chronotope
I do think that people are really underestimating the risk in a post-Roe world that ad tech poses to women. It isn't just Law Enforcement has an easier time accessing your phone than your home and it isn't just data brokers. States now have private-citizen bounties, remember?4:13 PM ∙ May 5, 2022
3,085Likes957Retweets
Everything is cyber, so everything can be used for warfare. Cyber warfare is hectic. 
Some legal analysis. One thing I’ll say is that for the last few years the people freaking out on twitter have been more accurate than the experts…
Orin Kerr @OrinKerr
There's a lot of speculation that if the Court is going to overturn Roe/Casey in Dobbs, other precedents, such as those involving gay marriage or even contraception, are next.  I doubt that, for a few reasons.10:54 PM ∙ May 4, 2022
1,827Likes272Retweets
Reverse engineer cars.
Daniel Cuthbert @dcuthbert
If you’ve ever wanted to know how modern gearboxes work, Ash is doing a great job reverse engineering them and making an opensource implementation 
Ashcon Mohseninia (RAND_ASH) @rndashm
Mechanical hydraulic hell. Controlling the overlap valves via my TCM is a nightmare! But these valves control the smooth and seamless gear-shifting between clutch groups on the 722.6. Shift speed and firmness is derived by the fighting between SPC and MPC pressure lines https://t.co/mtn8SHQRgN4:24 PM ∙ May 5, 2022
22Likes9Retweets

https://www.atlanticcouncil.org/content-series/the-5x5/the-5x5-addressing-the-global-market-for-offensive-cyber-capabilities/

Here’s an explainer on how your phone is tracking everything 
Melissa Gira Grant @melissagira
This is nice to see and is also sex work 101 
8:14 PM ∙ May 5, 2022
1,218Likes704Retweets
Crypto. Scam. Fraud. Plot twist, this time it’s PGP. 
Filippo Valsorda @FiloSottile
This is a fantastic case study in how complexity (the super-flexible packets design), lack of robustness (no encryption authentication), and multiple options (ECDSA can be broken because DSA is supported) lead to vulnerabilities.  
kennyog @kennyog
Working with Lara Bruseghini and Daniel Huigens from @ProtonMail we found a new class of attacks against OpenPGP libraries and applications: Key Overwriting (KO) attacks. Full details at: https://t.co/1gpCUvrFgw2:42 PM ∙ May 5, 2022
92Likes35Retweets
US and Ukraine intelligence cooperation 
Cheryl Rofer @CherylRofer
Bottom line up front: It's another wave of President Biden's information offensive. I count at least 3:

1. Setting up the information theater before the war to expect Russian disinformation and false flags.

2. Preventing a chemical weapons attack.

3. Preparing for Victory Day.
2:38 AM ∙ May 6, 2022
162Likes18Retweets

News from Science @NewsfromScienceWatch this chameleon robot blend in with its surroundings: fcld.ly/idiszfy 
1:30 AM ∙ May 6, 2022
30Likes7Retweets

A researched informed analysis of what probably happened to Moskva. Hint, the radars are in the stowed away not doing anything, position.
USNI News @USNINewsWarship Moskva was Blind to Ukrainian Missile Attack, Analysis Shows - USNI News
news.usni.org/2022/05/05/war… 
10:28 PM ∙ May 5, 2022
848Likes164Retweets

Meta née Facebook is still a garbage company.
Jesse Lehrich @JesseLehrichWOW, this is low even for @Meta.

according to whistleblowers, when Australia moved to make FB share profits from news aggregation with journalists, they *deliberately* cut off access to hospitals, emergency services & charities as a negotiating tactic.
wsj.com/articles/faceb…5:10 PM ∙ May 5, 2022
92Likes66Retweets
There was a supply chain vulnerability in ruby gems. There’s no indication it has been exploited in the wild. 

https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79

Ghidra plug-in for improved graph layout
stanislas @sar5430
Even if I love #Ghidra, I'm not a huge fan of its default function graph view, I built a plugin that is based on @rizinorg layout. This is very far from perfect, but if you want to give it a try : 

github.com/sar5430/RizinL… 
12:41 PM ∙ May 5, 2022
161Likes40Retweets

Stop this timeline. I want to get off. What a world where this is actually relevant in 2022. 
nicolewong @nicolewong
Hi there unencrypted communications providers. 👋

If you haven't done so already, prepare for when - not if - you receive a preservation demand or warrant for the account and messages of a woman who is seeking abortion services in a state that has criminalized her decision. 1/3 
Riana Pfefferkorn @Riana_CryptoMy latest piece for @BrookingsInst Techstream is up - unintentionally extra timely today. Expanding the availability of E2EE services will be crucial in America’s post-Roe reality.

https://t.co/vGyGgiNuyl11:20 PM ∙ May 5, 2022
394Likes200Retweets

Paul Rodgers🇺🇦🌻🐍👻 @real_attentive
@FCDserviceA_llc @thegrugq RU to UA: "Did the US give you our coordinates?"
UA: "Sorta..."
RU: "Sorta?"
UA: "Here, let me show you. Siri, where are my headphones?"
Siri: "<exact coordinates>
<boom>
Siri: "I'm sorry, I can no longer find those devices."
RU: ...
UA: 🤷‍♂️2:50 AM ∙ May 6, 2022
234Likes70Retweets

I am deeply sceptical about this. Zach is a good journalist so I’ll give him the benefit of the doubt. But it seems very unlikely to me.
Zach Dorfman @zachsdorfman
Again, I tend to think this official DOD News article has been overlooked. On record confirmation that the USG has helped train the Ukrainians in launching cyber operations. 

nationalguard.milUkraine-California ties show worth of National Guard programWhen Russia invaded Ukraine with more than 150,000 troops Feb. 24, most people — especially Russian President Vladimir Putin — expected a Russian cakewalk.The men and women of the7:29 PM ∙ May 5, 2022
92Likes25Retweets

Why even if a logless VPN were truly logless, it still is not a privacy layer.
Kevin Beaumont @GossiTheDog
If you think a VPN provides anonymity, know that you can get access details without even needing a court order, it’s pretty routine in cybersecurity circles.

Quick thread.  Starting point, ISPs sell or give customer Netflow data to security firms. vice.comHow Data Brokers Sell Access to the Backbone of the InternetISPs are quietly distributing “netflow” data that can, among other things, trace traffic through VPNs.11:23 PM ∙ May 5, 2022
550Likes213Retweets

Nakasone stays on.
780th Military Intelligence Brigade (Cyber) @780thCNASHVILLE — USCYBERCOM and NSA chief Gen. Paul Nakasone has been asked to remain in his post for another year, extending a term that has seen the organizations expand their missions to include election security and combating ransomware. therecord.media/nakasone-to-re… @TheRecord_Media
therecord.mediaNakasone has been asked to remain at helm of NSA, Cyber CommandU.S. Cyber Command and National Security Agency chief Gen. Paul Nakasone has been asked to remain in his post for another year, according to two senior defense officials, extending a four-year term that has seen the organizations expand their missions to include election security and combating ranso…10:11 AM ∙ May 6, 2022
17Likes12Retweets

Don't miss what's next. Subscribe to the grugq's newsletter: