the grugq's newsletter

October 5, 2022


Byron Wan @Byron_Wan
🇨🇳 Ministry of Foreign Affairs want floor plans and agreement details of all properties leased/purchased by foreign missions in HK and has even asked to inspect new premises before foreign staff enter. Beijing can use such info to plant listening devices. ft.com/content/c837e9…
11:11 AM ∙ Oct 4, 2022
46 Likes, 25 Retweets

-

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Jeff Moss @thedarktangent
Got the Google analytics for @infoconorg and how people find the site.. top result?
Image
12:03 PM ∙ Oct 4, 2022
39 Likes, 3 Retweets

-

Justine Tunney @JustineTunney
Our ipv4.games gce vm is holding up well so far. It's getting upwards of 900,000 http write requests per minute. It's really exciting to see Cosmopolitan Libc performing so well. The server's source code is here: github.com/jart/cosmopoli…
Image
11:01 PM ∙ Oct 3, 2022
83 Likes, 11 Retweets

-

tante @tante
Really liked this essay on the history and to a degree failure of "Agile" logicmag.io/clouds/agile-a…
But by turning features into “user stories” on a whiteboard, Agile has the potential to create what Yvonne Lam calls a “chain of deniability”: an assembly line in which no one, at any point, takes full responsibility for what the team has created.
8:16 AM ∙ Oct 4, 2022
194 Likes, 60 Retweets

-

Kelly Shortridge @swagitda_
Cybersecurity Awareness Month Tip #2 Attackers learn quickly. They may approach humans in search of data, becoming aggressive and unpredictable. So, lock up your data in attacker-resistant containers (“attacker canisters”) and do NOT dispose of uneaten data in the wilderness!!!
1:25 PM ∙ Oct 4, 2022
38 Likes, 10 Retweets

-

Nicolas Krassas @Dinosn
Real-world infosec wordlists, updated regularly
github.com: GitHub - trickest/wordlists: Real-world infosec wordlists, updated regularly
5:45 AM ∙ Oct 2, 2022
735 Likes, 204 Retweets

-

Dan Goodin @dangoodin001
No big deal. Just another offer to pay me a secret $2k to $5k in exchange for me writing an article about a company I'd otherwise NEVER cover. Part 1: Tanveer DMs me on Twitter.
Tanveer DM 1
Tanveer DM 3
Tanveer DM 2
Tanveer DM 4
8:50 PM ∙ Oct 3, 2022
406 Likes, 90 Retweets

-

Brendan Nyhan @BrendanNyhan
Incredible. Almost art. Did no one at PNAS take a class on surveys? What is happening?
Image
Aly Light @metallicbranch
Am I reading this wrong, or have economists just discovered that attitudes can be measured? https://t.co/PVsTDmfc02
11:28 AM ∙ Oct 4, 2022
1,272 Likes, 187 Retweets

-

How criminals use jammers and deauthers to disrupt wifi security cameras

https://www.wxyz.com/news/how-criminals-are-using-jammers-deauthers-to-disrupt-wifi-security-cameras

-

jynik @sz_jynik
My latest blog post details an old-but-interesting vulnerability arising from the use of ROM-resident API from a second-stage loader on NXP i.MX devices.
Seems it was fixed rather quietly, so I'm really curious to hear about any unpatched devices.
research.nccgroup.com: Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices. NXP’s HABv4 API documentation references a now-mitigated defect in ROM-resident High Assurance Boot (HAB) functionality present in devices with HAB version < 4.3.7. I could find no further public documentation on whether this constituted a vulnerability or an otherwise “uninteresting” errata item, s…
12:29 AM ∙ Oct 5, 2022
36 Likes, 25 Retweets

-

The Dad Joke Man @DadJokeMan
The name's Bond, James Bond. And you are....? #JamesBondDay
Image
6:19 AM ∙ Oct 5, 2022
1,157 Likes, 111 Retweets

-

raptor @0xdea
Securing Developer Tools: A New Supply Chain Attack on PHP // by @SonarSource blog.sonarsource.com/securing-devel… See also
blog.sonarsource.com: PHP Supply Chain Attack on Composer. We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.
5:53 AM ∙ Oct 5, 2022
14 Likes, 7 Retweets

-

Patrick Gray @riskybusiness
This week's show is up! risky.biz/RB681
Image
4:04 AM ∙ Oct 5, 2022
16 Likes, 3 Retweets

-

Tyler Rogoway @Aviation_Intel
New reality of modern warfare that was anything but unforeseeable: the 'democratization' of long-range precision strikes via cheap, hard-to-spot, hard-to-shoot down, and potentially overwhelming 'suicide' drones. And yes, this puts critical fuel and weapons storage areas at risk.
Maria Avdeeva @maria_avdv
Bila Tserkva, 80 km north of Kyiv, was attacked by at least 6 Iranian Shahed-136 drones tonight. This caused a major fire at infrastructure facilities. Reportedly 16 drones were launched from the south of Ukraine in the direction of Odesa, Dnipro and Kyiv overnight. https://t.co/JQN9ymj8jj
7:47 AM ∙ Oct 5, 2022
1,003 Likes, 250 Retweets

-

Lukasz Olejnik @lukOlejnik
UK released a new edition of “Cyber Primer”. Worth a look. “Cyber activity cannot be the responsibility of one government department or agency alone”. Completely agree! It’s holistic. Interesting finds below. They mix terms “attack” and “operation”! assets.publishing.service.gov.uk/government/upl…
Image
Image
Image
Image
9:52 AM ∙ Oct 5, 2022
13 Likes, 14 Retweets

-

Christine Duhaime @cduhaime
A Canadian govt computer expert decided to join a Russian Bitcoin hacking extortion ring. He made $28,000,000 in #Bitcoin proceeds of crime in Canada. Then the US found him and he's now gonna spend 20 years in jail.
cbc.ca: Canadian ransomware hacker likened to modern-day ‘Jesse James’ gets 20 years in U.S. prison | CBC News. Former Canadian government IT specialist turned ransomware hacker Sebastien Vachon-Desjardins has been sentenced to a 20-year prison term in the United States in what a federal court judge called “the worst case he’s ever seen.”
3:10 AM ∙ Oct 5, 2022
104 Likes, 28 Retweets

-

Frederic Jacobs @FredericJacobs
#GDPRxit just happened “I am announcing that we will be replacing GDPR with our own business and consumer-friendly, British data protection system”
ukpol.co.uk: Michelle Donelan – 2022 Speech to Conservative Party Conference – UKPOL.CO.UK
9:08 AM ∙ Oct 5, 2022
22 Likes, 10 Retweets

-

The Dialectical Biologist @DialecticBio
You can't predict facial phenotype from DNA, this is pseudoscience. See biorxiv.org/content/10.110… They don't even know the age, BMI, hairstyle, or any other identifying features, yet depict a face anyway. This tech will only end up putting innocent people in prison
Edmonton Police @edmontonpolice
Police use DNA phenotyping in unsolved sexual assault: The Edmonton Police Service is, for the first time in its history, using DNA phenotyping in the hopes of identifying a suspect in a 2019 sexual assault. On Sunday, March 10, 2019, at approximately… https://t.co/IOSBmG8SYq https://t.co/JS0FjZ6xVr
4:03 AM ∙ Oct 5, 2022
343 Likes, 131 Retweets

-

milo edwards @Milo_Edwards
never thought i’d live to see the british government outflanked economically to the left by the ceo of shell https://t.co/w2WzGUV4Nn
Sky News @SkyNews
The CEO of Shell has called on the government to tax oil and gas companies in order to protect the poorest people in society from soaring energy costs https://t.co/3ZEBexKwCl
10:04 AM ∙ Oct 5, 2022
2,559 Likes, 412 Retweets

-
