November 2, 2022

                            November 2, 2022

                November 2, 2022

                        Alfredo Ortega @ortegaalfredo
"We downgraded it from CRITICAL because the small elite of friends we showed this in advance can't write exploits and think everything is exploitable." 
Mark J Cox @iamamoose
The OpenSSL 3.0.7 release fixes two HIGH issues.  Find out why we downgraded today from CRITICAL in the advisory and blog post https://t.co/sfABUzw5eA12:07 PM ∙ Nov 2, 2022
7Likes5Retweets
-
Dmitry Chestnykh / Stop the war! @dchest
Comments on Tor blog are like YouTube comments but with crypto 
12:42 AM ∙ Feb 26, 2016
334Likes205Retweets
-
Gay Dave - Bad Boy Criminal Drug Guy @mistahbuhau
I didn't have "richest man in the world begs Stephen King for $8" on my 2022 bingo card, but here we are. 
Elon Musk @elonmusk
@StephenKing We need to pay the bills somehow! Twitter cannot rely entirely on advertisers. How about $8?6:30 AM ∙ Nov 1, 2022
6,331Likes1,453Retweets
-
Noted Security Wizard Pwn All The Things @pwnallthethings
Folks who've been up for a while waiting for this "critical" #openssl vulnerability, here it is. Quick thread of initial thoughts 4:12 PM ∙ Nov 1, 2022
378Likes159Retweets
-
Subscribe now

crazy ass moments in Something Awful history @SA__moment
Alright, you've been waiting very patiently and I thank you. At long last: Here's the story of Halloween 2013, the night that killed one of the biggest old-school vBulletin-style internet forums. 🧵 
11:32 PM ∙ Nov 1, 2022
1,379Likes286Retweets
-
Alex Stamos @alexstamosMore evidence that Twitter will continue to be a key tool US adversaries attempt to use to influence American politics.

Six networks from China and Iran were taken down by Twitter. I really hope Musk supports this work in the future. 

eipartnership.net/blog/inauthent…
12:21 AM ∙ Nov 2, 2022
246Likes90Retweets
-
Philip 🌻 Reiner @philreiner
Today's FinCEN report lays out a clear USG take on Russian ties to the majority of ransomware attacks: "75% of ransomware incidents between July-Dec 2021 'had a nexus to Russia, its proxies, or persons acting on its behalf'" --> and this is just from BSA related reporting 
Institute for Security and Technology @IST_orgNEW from @USTreasury’s FinCEN: Ransomware-related BSA filings reached $1.2 billion in 2021, up 188% from 2020.
As the cost of #ransomware keeps rising, governments, the private sector & civil society must continue to come together to solve the problem.
https://t.co/rkaFdsz29S9:36 PM ∙ Nov 1, 2022
33Likes15Retweets
-
Jason Leopold @JasonLeopoldNEW #FOIA SCOOP/🧵Took me 6 yrs to pry this out of NSA

A few wks before @Snowden's leaks were published, 2 NSA employees contacted NSA IG to blow the whistle on unauthorized surveillance

IG substantiated it

W/@KatrinaManson @WilliamTurton @rj_gallagher 
bloomberg.com/news/articles/… 
2:09 PM ∙ Nov 1, 2022
1,352Likes682Retweets
-
Shashank Joshi @shashj
Great thread by Alessio on why Ukraine's naval drone attack is not a technical revolution of any sort. He compares it to 16th century fires ships. "So, far it has only proved that tech can renew what one knew already: war at sea is asymmetric". But a few other thoughts: 
Alessio Patalano @alessionaval
Good morning Twitter. I am back. Courtesy of the Russian Navy's commitment to test if and how naval warfare evolves. Yes, a thread about the 'naval drone' attack conducted at the WE by seemingly Ukrainian forces against the Black Sea Fleet. Spoiler alert: NOT. A. REVOLUTION.10:55 AM ∙ Nov 1, 2022
265Likes45Retweets
-
Marcel Böhme @mboehme_
"Successful exploitation is always evidence of someone’s incorrect assumptions about the computational nature of the system"

//8:19 PM ∙ Oct 31, 2022
77Likes12Retweets
-
hardmaru @hardmaru
The Simpsons in the style of Anime ｘ Death Note:
4:31 PM ∙ Nov 1, 2022
817Likes134Retweets
-
Bret Devereaux @BretDevereauxThis article on the history of failed American interventions in Haiti (foreignpolicy.com/2022/10/31/hai…) is really informative but it also put me in mind of broader patterns of failed western interventions and I have some thoughts as to why they keep failing. 1/
foreignpolicy.comHaiti’s Elites Keep Calling for the U.S. MarinesThe United States must break the habit of disastrous intervention.10:33 PM ∙ Nov 1, 2022
163Likes41Retweets
Wayne E. Lee @MilHist_Lee
@BretDevereaux Bret is referring to this piece: academia.eduConquer, extract, and perhaps govern: organic economies, logistics, and violence in the pre-industrial worldMy essay laying out the basics of my theory on conquest in the pre-industrial world, as found in Erica Charters, Marie Houllemare and Peter H. Wilson, eds. A Global History of Early Modern Violence and its Restraint (Manchester University Press,1:54 AM ∙ Nov 2, 2022
-

-
The Unknown Misfit @TheSpotter8
I remember this one time I peed in the pool. The lifeguard yelled so loud I almost fell in.8:45 PM ∙ Jun 30, 2022
1,366Likes416Retweets
-
Ben Schwarz @benschwarz🧑‍🎨: do you think it’s a problem that people are using AI to generate imagery (sometimes for profit) using artists works as the source?

Tech: nah, get out of the way of this clearly genius innovation

GitHub: hey so we trained copilot using your code…

Tech: you WHAT?!!4:41 AM ∙ Nov 2, 2022
147Likes38Retweets-
Invasive Diffusion: How one unwilling illustrator found herself turned into an AI model

https://waxy.org/2022/11/invasive-diffusion-how-one-unwilling-illustrator-found-herself-turned-into-an-ai-model/

-
The Telegraph @Telegraph
📽️Outsized baubles from a Christmas display have caused chaos on London's Tottenham Court Road after rolling into traffic.

Read more here ⬇️
telegraph.co.uk/news/2022/11/0… 
3:43 PM ∙ Nov 1, 2022
10,308Likes2,846Retweets
-
Rory Cormac @RoryCormac
To expose or not to expose forgeries? [1976 edition]

US: particularly blatant or clumsy forgeries are worth exposing 
11:49 AM ∙ Nov 2, 2022
6Likes1Retweet
-
Project Zero Bugs @ProjectZeroBugs
Gregor Samsa: Exploiting Java's XML Signature Verification googleprojectzero.blogspot.comGregor Samsa: Exploiting Java’s XML Signature VerificationBy Felix Wilhelm, Project Zero Earlier this year, I discovered a surprising attack surface hidden deep inside Java’s standard library: A cus...11:44 AM ∙ Nov 2, 2022
11Likes7Retweets
-
Noted Security Wizard Pwn All The Things @pwnallthethings
For folks worried about the NYT "nuclear conversations" article, here's the four important bits. 
11:33 AM ∙ Nov 2, 2022
158Likes51Retweets
-
Jan Schaumann @jschaumaTIL: crt.sh allows direct postgresql access and there goes my evening... 
12:23 AM ∙ Nov 2, 2022
656Likes139Retweets
-
Matt Green @mattgreencomedy
The New Home Office Glossary! 
7:33 PM ∙ Nov 1, 2022
1,623Likes494Retweets
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: