November 17, 2023

migrate your funds to a new wallet immediately.

                            November 17, 2023

                November 17, 2023

                        November 17, 2023
As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national security agencies'.

5 billion user profiles, data from 87 adtech firms. Thread: pic.twitter.com/CnXUGN8FmK
— Wolfie Christl (@WolfieChristl) November 14, 2023

'Patternz' in the report by @johnnyryan and me published today:https://t.co/LmBlIanBrp

Patternz is operated by a company based in Israel and/or Singapore. I came across it some time ago, received internal docs. Two docs are available online.

Some more details in this thread. pic.twitter.com/NF9X1Qn2NM
— Wolfie Christl (@WolfieChristl) November 14, 2023

            Thread by @WolfieChristl on Thread Reader App â Thread Reader App
            @WolfieChristl: As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national...â¦

Your browser does not need another shitty Chrome Extension. But if you're into #OSINT, you'll need OSINT-Tool.

PS: We're on Product Hunt today: https://t.co/Trsf8SAI9W pic.twitter.com/B2rEUpNFuu
— Vortimo (@VortimoTech) November 16, 2023

            David R. MacIver: "Me like two months ago: "I just need to whip up a…" - Mastodon
            Me like two months ago: "I just need to whip up a halfway decent UI for this thing..."

Me today: No, fuck it, I'm just going to ship without an adequate UI.

Anyway, if you want a new test-case reducer to play with (who doesn't?!), I think shrink ray is probably worth giving a go now. https://github.com/DRMacIver/shrinkray

From my earlier musings on how to obfuscate WireGuard to deal with censorship, this solution appears to be an option:

            v2ray + wireguard to unblock gfw and netflix,spotify,hulu · GitHub
            v2ray + wireguard to unblock gfw and netflix,spotify,hulu - v2ray_wireguard_netflix_spotify_hulu.md

V2Ray + wireguard. 
An alternative option is using the Cloak tool for the obfuscation layer

            GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries
            A censorship circumvention tool to evade detection by authoritarian state adversaries - GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries

Client
{
  "Transport": "direct",
  "ProxyMethod": "wireguard",
  "EncryptionMethod": "chacha20-poly1305",
  "UID": "<INSERT UID>",
  "PublicKey": "<INSERT PUB KEY>",
  "ServerName": "www.bing.com",
  "NumConn": 4,
  "BrowserSig": "chrome",
  "StreamTimeout": 300
}

Server
{
    "ProxyBook": {
    "shadowsocks": [
        "udp",
        "127.0.0.1:5558"
    ],
    "wireguard": [
        "udp",
        "127.0.0.1:51820"
    ]
    },
    "BindAddr": [
        ":443",
        ":80"
  ],
  "BypassUID": [
      "<INSERT B64 of UID>",
  ],
  "RedirAddr": "cloudflare.com",
  "PrivateKey": "<INSERT PRIV KEY>",
  "AdminUID": "",
  "DatabasePath": "userinfo.db"
}

Secret agent pic.twitter.com/Wz3io68Yc3
— ToothyBj (@toothybj) February 17, 2023

            Hell freezes over – Apple to support RCS messages from Android phones next year | TechRadar
            Breaking: Apple will support RCS - the green bubble shame set to end

pic.twitter.com/0T8o5RpBOc
— Classical Studies Memes for Hellenistic Teens (@CSMFHT) November 16, 2023

            Zimbra 0-day used to target international government organizations
            TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

            GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
            A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities  - GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabil...

This is the best supercut I’ve ever seen https://t.co/skFIktxrV7 pic.twitter.com/U0a1lXx9Kj
— Xaniken (@Xaniken) November 10, 2023

Found the original video on telegram but this is the YT channel it’s from. Found this by digging through the twitter account of the guy who posted it and it is indeed his video so credit goes where credit is duehttps://t.co/M3KjqAqLXH
— Xaniken (@Xaniken) November 10, 2023

            Escaping the sandbox: A bug that speaks for itself | Microsoft Browser Vulnerability Research
            Introduction

😭😭😭 pic.twitter.com/TBNIIUpKL2
— vx-underground (@vxunderground) November 17, 2023

This issue is easily exploitable. @trailofbits rapidly prototyped an attack with unoptimized Python and seed recovery took only days on a single Macbook.

If you have a wallet you suspect may be affected: migrate your funds to a new wallet immediately. pic.twitter.com/PBFDpksrYP
— Trail of Bits (@trailofbits) November 16, 2023

                            Don't miss what's next. Subscribe to the grugq's newsletter:

November 17, 2023

November 17, 2023

Thread by @WolfieChristl on Thread Reader App â Thread Reader App

@WolfieChristl: As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national...â¦

David R. MacIver: "Me like two months ago: "I just need to whip up a…" - Mastodon

v2ray + wireguard to unblock gfw and netflix,spotify,hulu · GitHub

v2ray + wireguard to unblock gfw and netflix,spotify,hulu - v2ray_wireguard_netflix_spotify_hulu.md

GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries

A censorship circumvention tool to evade detection by authoritarian state adversaries - GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries

Hell freezes over – Apple to support RCS messages from Android phones next year | TechRadar

Breaking: Apple will support RCS - the green bubble shame set to end

Zimbra 0-day used to target international government organizations

TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities - GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabil...

Escaping the sandbox: A bug that speaks for itself | Microsoft Browser Vulnerability Research

Introduction

Thread by @WolfieChristl on Thread Reader App â Thread Reader App

@WolfieChristl: As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national...â¦