November 17, 2023

                        November 17, 2023

            November 17, 2023

        November 17, 2023

As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national security agencies'.

5 billion user profiles, data from 87 adtech firms. Thread: pic.twitter.com/CnXUGN8FmK
— Wolfie Christl (@WolfieChristl) November 14, 2023

'Patternz' in the report by @johnnyryan and me published today:https://t.co/LmBlIanBrp

Patternz is operated by a company based in Israel and/or Singapore. I came across it some time ago, received internal docs. Two docs are available online.

Some more details in this thread. pic.twitter.com/NF9X1Qn2NM
— Wolfie Christl (@WolfieChristl) November 14, 2023

                  Thread by @WolfieChristl on Thread Reader App â Thread Reader App
@WolfieChristl: As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national...â¦            

Your browser does not need another shitty Chrome Extension. But if you're into #OSINT, you'll need OSINT-Tool.

PS: We're on Product Hunt today: https://t.co/Trsf8SAI9W pic.twitter.com/B2rEUpNFuu
— Vortimo (@VortimoTech) November 16, 2023

                   David R. MacIver: "Me like two months ago: "I just need to whip up a…" - Mastodon
Me like two months ago: "I just need to whip up a halfway decent UI for this thing..."

Me today: No, fuck it, I'm just going to ship without an adequate UI.

Anyway, if you want a new test-case reducer to play with (who doesn't?!), I think shrink ray is probably worth giving a go now. https://github.com/DRMacIver/shrinkray            

From my earlier musings on how to obfuscate WireGuard to deal with censorship, this solution appears to be an option:

                  v2ray + wireguard to unblock gfw and netflix,spotify,hulu · GitHub
v2ray + wireguard to unblock gfw and netflix,spotify,hulu - v2ray_wireguard_netflix_spotify_hulu.md            

V2Ray + wireguard. 
An alternative option is using the Cloak tool for the obfuscation layer

                  GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries
A censorship circumvention tool to evade detection by authoritarian state adversaries - GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries            

Client
{
  "Transport": "direct",
  "ProxyMethod": "wireguard",
  "EncryptionMethod": "chacha20-poly1305",
  "UID": "<INSERT UID>",
  "PublicKey": "<INSERT PUB KEY>",
  "ServerName": "www.bing.com",
  "NumConn": 4,
  "BrowserSig": "chrome",
  "StreamTimeout": 300
}

Server
{
    "ProxyBook": {
    "shadowsocks": [
        "udp",
        "127.0.0.1:5558"
    ],
    "wireguard": [
        "udp",
        "127.0.0.1:51820"
    ]
    },
    "BindAddr": [
        ":443",
        ":80"
  ],
  "BypassUID": [
      "<INSERT B64 of UID>",
  ],
  "RedirAddr": "cloudflare.com",
  "PrivateKey": "<INSERT PRIV KEY>",
  "AdminUID": "",
  "DatabasePath": "userinfo.db"
}

Secret agent pic.twitter.com/Wz3io68Yc3
— ToothyBj (@toothybj) February 17, 2023

                  Hell freezes over – Apple to support RCS messages from Android phones next year | TechRadar
Breaking: Apple will support RCS - the green bubble shame set to end            

pic.twitter.com/0T8o5RpBOc
— Classical Studies Memes for Hellenistic Teens (@CSMFHT) November 16, 2023

                  Zimbra 0-day used to target international government organizations
TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.            

                  GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities  - GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabil...            

This is the best supercut I’ve ever seen https://t.co/skFIktxrV7 pic.twitter.com/U0a1lXx9Kj
— Xaniken (@Xaniken) November 10, 2023

Found the original video on telegram but this is the YT channel it’s from. Found this by digging through the twitter account of the guy who posted it and it is indeed his video so credit goes where credit is duehttps://t.co/M3KjqAqLXH
— Xaniken (@Xaniken) November 10, 2023

                   Escaping the sandbox: A bug that speaks for itself | Microsoft Browser Vulnerability Research
Introduction            

😭😭😭 pic.twitter.com/TBNIIUpKL2
— vx-underground (@vxunderground) November 17, 2023

This issue is easily exploitable. @trailofbits rapidly prototyped an attack with unoptimized Python and seed recovery took only days on a single Macbook.
If you have a wallet you suspect may be affected: *migrate your funds to a new wallet immediately.* pic.twitter.com/PBFDpksrYP
— Trail of Bits (@trailofbits) November 16, 2023

                        Don't miss what's next. Subscribe to the grugq's newsletter:

          Start the conversation:

            Be the first to share your thoughts

the grugq's newsletter

November 17, 2023

November 17, 2023

Thread by @WolfieChristl on Thread Reader App â Thread Reader App

@WolfieChristl: As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national...â¦

David R. MacIver: "Me like two months ago: "I just need to whip up a…" - Mastodon

v2ray + wireguard to unblock gfw and netflix,spotify,hulu · GitHub

v2ray + wireguard to unblock gfw and netflix,spotify,hulu - v2ray_wireguard_netflix_spotify_hulu.md

GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries

A censorship circumvention tool to evade detection by authoritarian state adversaries - GitHub - cbeuw/Cloak: A censorship circumvention tool to evade detection by authoritarian state adversaries

Hell freezes over – Apple to support RCS messages from Android phones next year | TechRadar

Breaking: Apple will support RCS - the green bubble shame set to end

Zimbra 0-day used to target international government organizations

TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities - GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabil...

Escaping the sandbox: A bug that speaks for itself | Microsoft Browser Vulnerability Research

Introduction

Thread by @WolfieChristl on Thread Reader App â Thread Reader App

@WolfieChristl: As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national...â¦