November 27, 2022

hint

                            November 27, 2022

                November 27, 2022

                        New Perun!

-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

-
b1ack0wl @b1ack0wl
I've finally completed part 1 (of 2) of my analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers. I hope you all enjoy ♥️

github.comvulnerability-write-ups/Part1.md at master · b1ack0wl/vulnerability-write-upsThis repo contains write ups of vulnerabilities I’ve found and exploits I’ve publicly developed. - vulnerability-write-ups/Part1.md at master · b1ack0wl/vulnerability-write-ups3:52 AM ∙ Nov 27, 2022
187Likes60Retweets
-
What’s the chance this is about attacking ransomware? (Pretty much zero, but still… nice idea. hint hint ASD)
payloadartist @payloadartist"How security professionals are being attacked: A study of malicious CVE proof of concept exploits in GitHub"

This research paper found that ~10% PoC repositories on Github were malicious 😬

arxiv.org/pdf/2210.08374…

#infosec #cybersecurity #bugbounty #bugbountytips 
2:30 PM ∙ Nov 26, 2022
30Likes21Retweets-
I can't distinguish 'effective altruism' from Terry Pratchett's "Yen Buddhism":
"The Yen Buddhists are the richest religious sect in the universe. They hold that the accumulation of money is a great evil and burden to the soul. They therefore, regardless of personal hazard, see it as their unpleasant duty to acquire as much as possible in order to reduce the risk to innocent people."

https://thecooltable.wtf/@ncweaver/109413330770253058

-
Hilarious protip for dealing with request by email from unethical boss to do something unethical: forward it to security as a suspected phishing attempt.

https://hachyderm.io/@dalias/109401297808419257

-
Seems BH put up the videos from USA 2022. Here's mine and @monoxgas's talk on Kerberos

https://infosec.exchange/@tiraniddo/109412706737093613

-
The recent hack of FarsNews agency (pro gov and IRGC funded) and their leaked internal documents is the tip of iceberg, showing how a dictatorship and authoritarian regime runs their media and propaganda machine. These are great materials and case-studies for the right eye. Language barrier unfortunately keeps people away from in-depth analysis of many of these leaks. 

https://d1ibprhn1zja3r.cloudfront.net/202211267589

https://infosec.exchange/@Hamid/109413210362107922

-
Danson Cheong @dansoncj
Covid control in Beijing has broken down - a thread:
On Friday night I received dreaded notification that one of the residents in my housing block had been picked up as a positive case in community screening and we might be going into lockdown. 1/N 
2:48 AM ∙ Nov 27, 2022
2,392Likes704Retweets
-
Wiggle Wiggle Vigil @DaOfficialVigil
Chinese propaganda of the US Navy. 
7:02 PM ∙ Nov 26, 2022
6,935Likes610Retweets
-
Ian Hussey @ianhussey
“one runs the risk of becoming a slave to the concepts that have been generated. Many researchers have taken terms … from everyday language and expect this linguistic categorization to somehow map to identifiable mechanisms in the brain” 
Richard May @Richiemay
organisms, environments and cognitive systems. 

‘No one knows what attention is’ (Hommel et al., 2019)

https://t.co/vCKfvkK2qz https://t.co/It6LkCfETK
9:42 AM ∙ Oct 13, 2022
98Likes23Retweets
-
EFF @EFF
Strong encryption isn’t in tension with law enforcement—it’s vital for real public safety. eff.orgTop Prosecutors in CA, NY and DC Are Speaking Up For End-to-End EncryptionWe all should have the ability to have a private conversation, and it follows that we need ways to communicate privately online as well. In the digital world, end-to-end encryption is our best chance to maintain our privacy and security. In the fraught legal landscape following the U.S. Supreme...11:05 PM ∙ Nov 26, 2022
81Likes31Retweets
-
Passchendaele for the 21st century.
POPULAR FRONT @PopularFront_#Ukraine: Photos showing the conditions in Ukrainian trenches on the front lines of Bakhmut.

(via @ThomasVLinge) 
1:39 AM ∙ Nov 27, 2022
133Likes25Retweets
I recommend having a look at Otto Dix’s triptych “der Krieg.” 

https://artsandculture.google.com/asset/the-war/CwHM2HdTO3l2vg?hl=en-GB

-
Adversarial Policies Beat Professional-Level Go AIs
…Notably, the adversary does not win by learning to play Go better than KataGo -- in fact, the adversary is easily beaten by human amateurs. Instead, the adversary wins by tricking KataGo into ending the game prematurely at a point that is favorable to the adversary. Our results demonstrate that even professional-level AI systems may harbor surprising failure modes.

https://arxiv.org/abs/2211.00241

                            Don't miss what's next. Subscribe to the grugq's newsletter: