November 10, 2022

                            November 10, 2022

                November 10, 2022

phil @pnc
the dick's sporting goods yeti cooler spam is actually tight as hell from a spam standpoint12:27 AM ∙ Nov 8, 2022
231Likes38Retweets
-
Mastodon support can’t come soon enough. Adding content manually is error prone and awful. Anyway, subscribe.
Subscribe now

-
Graham Sutherland (Polynomial^DSS) @gsuberland
I heard of someone naming their kid Kelvin, insisting that it's pronounced Calvin, and at first I was like "ha, unintentional win", but then realised that everyone at school is going to give them the nickname "absolute unit".11:55 PM ∙ Nov 8, 2022
111Likes15Retweets
-
Dave Itzkoff @ditzkoff
But they were, all of them, deceived, for another Check Mark was made. In the land of Mordor, in the fires of Mount Doom, a master Check Mark was forged in secret to control all others. And into this Check Mark he poured his cruelty, his malice and his will to dominate all life.3:06 AM ∙ Nov 9, 2022
19,989Likes4,152Retweets
-
Joseph Menn @josephmenn
Wow I can’t believe people are sharing a copy of my article out from behind the paywall like this, that’s terrible. archive.pharchive.ph1:09 AM ∙ Nov 9, 2022
161Likes58Retweets
-
Byron Wan @Byron_WanPhil Pascoe, Monica Pascoe, Scott Tubbs and Quadrant Magnetics LLC are charged with wire fraud, violations of the Arms Export Control Act, and smuggling of goods for their roles in an illegal scheme to send export-controlled defense-related technical

1/n justice.gov/opa/pr/three-a…10:48 PM ∙ Nov 9, 2022
30Likes13Retweets-
@hdm This isn't new. Witness this email thread from 2010 https://groups.google.com/g/mozilla.dev.security.policy/c/cs6BpzdxCCg TL;DR: we had the same concerns back then as now, and getting into the root CA store is still way easier than it should be. Just wait till you realize people can buy a small existing CA if they really want in... There's no controls regarding change of controlling ownership really.

https://mastodon.social/@kurtseifried/109317104247793582

>
@kurtseifried@mastodon.social @hdm Define no controls? One of the big pushes I did was on explaining the risks that lead to things like Section 8 of Mozilla’s Root Store Policy - https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#8-ca-operational-changes
Things are vastly different now than the were 10 years ago. I definitely agree that root programs are massively underfunded and understaffed, relative to the risk and benefit. Although Mozilla and Microsoft have both recently greatly backslid in quality and thoroughness, due to losing some great staff in that area, it’s still nowhere near as easy as it was when it was a perfunctory rubber stamp for most of the 2000-2010 period.
Recall that StartCom was distrusted, in part, for failing to disclose an ownership change. Issue R in https://wiki.mozilla.org/CA/WoSign_Issues
I think the biggest loss has been more recently folks assuming it all just magically works. Mozilla, for their part, have always been clear that they rely on community involvement and expertise to help evaluate these requests. While it’s true there’s a lot less participation these days, potentially due to the quality decline in Moz’s thoroughness causing folks to get disillusioned, it’s absolutely something that more folks can and should contribute to.

https://infosec.exchange/@sleevi/109317970219806072

-
Keeping my tradition of painting octopuses on the bottoms of tables in hotel rooms alive 😀

https://mastodon.art/@jamdoodles/109300824619761745

-
71 Years Young @ByYourLogic
guess what happens if 20 accounts exploit this system in a way that further alienated publishers and advertisers that Twitter needs just for Blue to break even? that’s right, $160 for free. they’re practically printing money at this point 
Guslabu @guslabu
@tomwarren The beauty of this is each account that gets verified paid $8. Twitter keeps the money and suspends the account.

It’s genius and I hope more folks do this. It’s free money for Twitter.11:47 PM ∙ Nov 9, 2022
6,166Likes462Retweets-
Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
#CyberSecurity https://www.hackread.com/microsoft-patches-fix-active-0-day-flaws/

https://mastodon.social/@Mndell/109318142262211906

-
AN OPEN SOURCE LAWYER’S VIEW ON THE COPILOT CLASS ACTION LAWSUIT
In short — it’s bad, and weird, and bad. The worst outcome from this is a situation where output from a model is copyrightable, meaning that any AI produced content would be copyrighted. 

https://katedowninglaw.com/2022/11/10/open-source-lawyers-view-on-the-copilot-class-action-lawsuit/

-

https://infosec.exchange/@mattchis/109318193266323235

-
The Great Crypto-Cop Brain Drain

https://www.wired.com/story/the-great-crypto-cop-brain-drain/

-
E Rosalie @NovelSci
Research by Safeguard Defender found China has at least 110 Overseas police “service stations” that are a part of a global manhunt to “persuade” targets to return voluntarily. Chinese agents are threatening people in 5 continents.  hoaxlines.orgChina has 110 Overseas police “service stations” in global manhunt to “persuade” targets to return voluntarilyAn earlier report from January 2022 from Safeguard Defenders found three types of “legalized kidnapping”6:49 AM ∙ Nov 10, 2022
45Likes22Retweets
-
Christian Paterson @CPaterson2015
Very important slide from ⁦@webmink⁩ at #osxp2022 “open source has succeeded because it allows developers to (re)use software from others without having to talk to those others” that is to say, without the need to negotiate first. 
3:46 PM ∙ Nov 9, 2022
7Likes3Retweets
-
Lukasz Olejnik @LukaszOlejnik@Mastodon.Social @lukOlejnikNew French defence strategy says officially that cyber DETERRENCE DOES NOT WORK? “… application of a deterrent approach in cyberspace that would force any attacker to restrain himself against France is illusory” sgdsn.gouv.fr/uploads/2022/1… 
9:25 AM ∙ Nov 10, 2022
9Likes4Retweets
A bit more here:

https://mastodon.social/@LukaszOlejnik/109318783304732083

-
A predictable disaster over at Twitter.
dangered wolf @dangeredwolf
Twitter recommending following fake accounts because they bought Twitter Blue 
9:50 PM ∙ Nov 9, 2022
4,130Likes982Retweets
Ira Goldman 🦆🦆🦆 @KDbyProxy
ELON MUSK: "Twitter needs to become by far the most accurate source of information about the world. That’s our mission."

Well, with Twitter's new "Verified" badge system, let me just say to @elonmusk, "Sir, Mission Accomplished!" 🏆 
11:31 PM ∙ Nov 9, 2022
41Likes13Retweets
david 🐀 @dav1dxyz
@dangeredwolf Also they're releasing GTA 6 btw!!! 
9:52 PM ∙ Nov 9, 2022
66Likes5Retweets
Chad Loder @chadloder
Massive phishing scams underway. 
2:27 AM ∙ Nov 10, 2022
8,283Likes1,212Retweets
💀 damned sinker 💀 @dansinker
OK, I'm starting a thread of paid bluecheck accounts that impersonate actual verified bluecheck accounts.

May as well start with the account pretending to be Twitter itself to get access to crypto wallets. 
Alex Goldman @AGoldmund
This fake twitter account is impersonating twitter corporate with a newly purchased check mark and gotten 34k rts. This is going great so far. How long before having a check mark will just be a hallmark of scamming? https://t.co/RV3ARb91J710:32 PM ∙ Nov 9, 2022
417Likes242Retweets
-
Osint For All @AllForOsint
Opsec guide for OSINT CTFs - osintforall.inOPSEC For OSINT CTFsCTFs (Capture The Flags) are a great way to enhance your skills. Whether it’s information security or Open Source Intelligence based CTFs, at the end of the day, they improve your problem solving abilities, and also, they are fun!
I started this tradition of making Twitter threads during TraceLabs’s…2:16 AM ∙ Nov 7, 2022
25Likes9Retweets
-
CYBERWARCON Measures, LLC @FCDserviceA_llc

Christo Grozev @christogrozev
Roman means this payment slip: the GRU wired money to their assets in Serbia via Western Union. Sender address: Khoroshevskoe Chausse 76b. Because accounting. https://t.co/lw5HQsHgsC https://t.co/u7BGHsXwl37:48 PM ∙ Nov 5, 2022
56Likes7Retweets
-
merritt k @merrittkFor a while now I've been working on a photo book of LAN parties documenting the phenomenon and culture. You can preorder it now! vol.co/product/LAN-pa… 
9:33 PM ∙ Nov 9, 2022
21,207Likes2,389Retweets
-
🦀 Jon Schwarz 🦀 @schwarz
Tesla's stock price how now fallen 46% since Elon Musk's bid to buy Twitter became public on April 14. This has reduced Tesla's market value by almost half a trillion dollars. (For comparison, the S&P's fallen about 15% during the same time.) 
10:26 PM ∙ Nov 9, 2022
3,785Likes801Retweets
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: