October 26, 2023
October 26, 2023
Jan Schaumann: "Ken Thompson's original Unix backdoor of "Reflect…" - Mastodon 🐘
Ken Thompson's original Unix backdoor of "Reflections on Trusting Trust" fame was apparently never published. 40 years (!) later, here it is: 99 lines of code plus a 20-line shell script. That's it. Nicely annotated and explained by Russ Cox: https://research.swtch.com/nih
Let’s talk about the term “meth lab.” Are these people actually doing meth research? https://t.co/7DLQofJXT5
— Matthew Green (@matthew_d_green) October 26, 2023
former meth lab in san jose (with meth contamination) is selling for $1.5M
— derek guy (@dieworkwear) October 26, 2023
🔗: https://t.co/XxCkhwKTVI pic.twitter.com/vfwxuQ7I4J
CVE-2023-40404 is a fascinating vulnerability that was present in the Networking kernel extension for over two decades. It was actually patched in earlier versions, but the advisory was published with macOS 14.1. https://t.co/zOsGtQaib0
— Tielei (@WangTielei) October 26, 2023
Reminder that there is no current way (and is unlikely to be a future way) to detect AI-generated content. And AI detectors all have high false positive rates.
— Ethan Mollick (@emollick) October 25, 2023
One thing I have seen teachers do is ask ChatGPT whether AI wrote something. Don't do that👇👇https://t.co/TcJUbn1Dzk pic.twitter.com/MRfiIYzZz4
Okta got hacked. Leading to impact for CloudFlare, 1Password, and BeyondTrust.
— Matt Johansen (@mattjay) October 24, 2023
Here's everything we know about it:
Thread by @mattjay on Thread Reader App â Thread Reader App
@mattjay: Okta got hacked. Leading to impact for CloudFlare, 1Password, and BeyondTrust. Here's everything we know about it: Oktaâs support system was compromised, allowing unauthorized access to sensitive files uplo...â¦
iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices
https://ileakage.com
iLeakage: Speculative execution attack on Safari, iPhone, iPad and Mac, allowing a hostile website to extract your passwords and other secrets.https://t.co/LYApQf1YD4
— Mikko Ohtamaa (@moo9000) October 25, 2023
The only way to be safe is to stop using Safari:
At the time of public release, Apple has implemented a… pic.twitter.com/Ot7dv8tHy9
Skyview
cashier: have a nice day me: how
That is very convenient 😂 pic.twitter.com/Hi8FtpxQos
— Kevin2600 (@Kevin2600) October 25, 2023
#ESETResearch discovered a zero-day XSS vulnerability (#CVE-2023-5631) in Roundcube Webmail servers. It is actively used in the wild by #WinterVivern to target governments and a think tank in Europe. The exploit was contained in a legitimate-looking email about Outlook. 1/4 pic.twitter.com/bKPp9KIXE0
— ESET Research (@ESETresearch) October 25, 2023
The outstanding stealth of Operation Triangulation
— blackorbird (@blackorbird) October 25, 2023
IOS 0day module malwarehttps://t.co/LiHeDUKeCY pic.twitter.com/Z7R2mA1oUo
"Israel’s using widespread GPS tampering to deter Hezbollah’s missiles". This video seems to show GPS/GNSS spoofing around Israel, with many aircraft suddenly teleporting to a position in northern Israel. Video from https://t.co/8BtepvKviy pic.twitter.com/U0iIVVQlKw
— John Wiseman (@lemonodor) October 24, 2023
Non-state actors adapt to modern SIGINT & learn the importance of air-gapped communication systems. Maybe we’ll see a return to the old art of cutting physical landlines to force signals back over other channels. https://t.co/QCHWXhpAPW
— Shashank Joshi (@shashj) October 25, 2023
This is pretty much what I expected, and wrote about in one of my recent articles. The main difference is that I focused on more decentralized scenarios where radio would be more feasible than hardwired phones, but the basic logic remains the same. pic.twitter.com/gKu3KibmE0
— Tony Ingesson (@tonyingesson) October 25, 2023