September 17, 2022

                September 17, 2022

            September 17, 2022

            I spoke with Military History Visualised about the Russian Ukraine cyber war. The first of three or four videos is up.
Military History Visualized @MilHiVisualizedThe Russian Victory that everyone missed. For this I talked to the @thegrugq 
youtube.com/watch?v=Sooyns… 
7:01 PM ∙ Sep 16, 2022
41Likes4Retweets
-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

New Perun video a day early.

-
Ian Coldwater 📦💥 @IanColdwater
If phishing a single employee can lead to everything in your infrastructure being compromised that easily, that employee is not to blame9:30 AM ∙ Sep 16, 2022
10,333Likes1,861Retweets
Dan Lorenc @lorenc_dan
This. @dinodaizovi framed it best when he said that most insider risk programs would be better framed as insider protection programs.

Employees become less attractive targets for attackers if they don't have complete root access to the entire company. 
Ian Coldwater 📦💥 @IanColdwater
If phishing a single employee can lead to everything in your infrastructure being compromised that easily, that employee is not to blame10:21 AM ∙ Sep 16, 2022
71Likes20Retweets
Dino A. Dai Zovi @dinodaizovi
Strong underline on this: implementing multi-party authorization and least privilege is critical to protecting your insiders and making them useless to target. 
Dan Lorenc @lorenc_danThis. @dinodaizovi framed it best when he said that most insider risk programs would be better framed as insider protection programs.

Employees become less attractive targets for attackers if they don't have complete root access to the entire company. https://t.co/O2agjb5GgX1:43 PM ∙ Sep 16, 2022
43Likes19Retweets
-
raptor @0xdea
CVE North Stars by @clearbluejar: "a method to kickstart vulnerability research by taking advantage of the CVE information freely available [and patch diffing]" << seems interesting, gotta check this out soon

cve-north-stars.github.ioHomeLeveraging CVE, patch diffing, and root cause analysis to kickstart your vulnerability hunting adventure.2:30 PM ∙ Sep 16, 2022
27Likes7Retweets
-
Dino A. Dai Zovi @dinodaizovi
This is all good advice: news.ycombinator.comAs another commenter pointed out: you authorize the executor of the script, not ... | Hacker News1:59 PM ∙ Sep 16, 2022
9Likes3Retweets
-
Andrey Konovalov @andreyknvlSlides for "Sanitizing the Linux kernel: On KASAN and other Dynamic Bug-finding Tools", the talk I just gave at Linux Security Summit Europe 2022.

Covers:
🐧 Generic KASAN implementation
🔥 Other Sanitizers
🗡 Extending KASAN and KMSAN to find more bugs

docs.google.com/presentation/d… 
9:37 AM ∙ Sep 16, 2022
201Likes50Retweets
-
Jimmy @JimmySecUK
Ukrainian soldiers transformed this Peugeot cabriolet into a stripped down battle-buggy complete with bull bars and a space for a machine gunner...🔥 
2:16 PM ∙ Sep 16, 2022
4,862Likes638Retweets
-
Eva @evacide
The Fifth Circuit has published its opinion upholding HB 20 in Texas and everyone who cares about content moderation is going to be spending the weekend explaining why this is extremely bad: 9:00 PM ∙ Sep 16, 2022
131Likes62Retweets
-
Silent Movie GIFs @silentmoviegifs
Silent comedians vs. police 
4:19 PM ∙ Sep 16, 2022
5,339Likes1,561Retweets
-
USENIX Association @usenixBrowse the complete list of Best Paper winners from past USENIX conferences, including the recent @USENIXSecurity and @SOUPSConference: usenix.org/conferences/be…
#security #privacy #research #usesec22 #soups2022
usenix.orgUSENIX Best Papers5:48 PM ∙ Sep 15, 2022
45Likes16Retweets
-
Joe Tidy @joetidy
SCOOP on the IHG hotels hack: 'Vindictive' couple deleted hotel chain data for fun. Cyber crime couple from Vietnam launched destructive wiper attack deleting huge amounts of data after defenders foiled their ransomware attempt.  bbc.co.ukIHG hack: ‘Vindictive’ couple deleted hotel chain data for funThe pair, who say they are from Vietnam, wiped out IHG group data after a foiled ransomware attack.6:05 AM ∙ Sep 17, 2022
86Likes44Retweets
Well that’s just great! Time to update my root password. Again.
Joe Tidy @joetidy
Hackers accessed the FTSE 100 firm's most critical databases after finding the login for the companies password vault. The password for the vault was extremely weak: Qwerty1234.6:09 AM ∙ Sep 17, 2022
115Likes41Retweets
-
Chatham House @ChathamHouse
The withdrawal of the Baltic states from the ‘17+1’ format highlights the changing perceptions of China post-invasion, writes @pbergsen. 
chathamhouse.orgCentral and Eastern Europe become hawkish on ChinaThe recent withdrawal of the Baltic countries from the ‘17+1’ format displays changing perceptions of China due to its ambiguity towards the war in Ukraine.7:00 AM ∙ Sep 17, 2022
10Likes6Retweets
-
Clare Roth @ClareAliceRoth
This nails something I had amorphously felt but never articulated in my head (attributed to @monicabyrne13). 
8:28 PM ∙ Sep 16, 2022
3,480Likes1,147Retweets
-
Rik Wassens @Rikwassens
How the infamous websites 8kun and the Daily Stormer ended up in the Dutch polder. Read the English translation of our investigation  nrc.nlHow the Netherlands facilitate the most hated websites in the worldHosting industry: Two infamous websites – 8kun and neo-Nazi news site Daily Stormer – remain connected to the rest of the internet through the Dutch polder.8:31 AM ∙ Sep 17, 2022
14Likes8Retweets
-
Thomas MacKenzie @TWMacKenzie
@matthewhughes cryptoadventure.com‘Here’s My Private Key’: The Crypto Reverse-Scam You Ought to BewareIn crypto, there’s no shortage of imposters and thieves phishing for unsuspecting victims’ private keys over the internet. A ‘private key’ is a10:53 AM ∙ Sep 16, 2022
10Likes1Retweet
-
John Burn-Murdoch @jburnmurdochNEW: income inequality in US & UK is so wide that while the richest are very well off, the poorest have a worse standard of living than the poorest in countries like Slovenia ft.com/content/ef2654…

Essentially, US & UK are poor societies with some very rich people.

A thread: 
5:51 PM ∙ Sep 16, 2022
30,997Likes14,013Retweets
-
Addam 🦇 @BrosefWtheMosef
You fall for scams on the internet, I invest in NFTs, we are not - oh wait yes we are the same5:43 PM ∙ Jan 21, 2022
379Likes96Retweets
-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

                Don't miss what's next. Subscribe to the grugq's newsletter: