September 27, 2023
September 27, 2023
ππ¨πThe Swiss Parliament voted to adopt a motion (144 yes vs 24 no) to protect Swiss Internet users from indiscriminate scanning of private messages proposed by the European Commission. β π΅οΈhttps://t.co/lTOQSiOtgg
β Frederic Jacobs (@FredericJacobs) September 26, 2023
I am glad people are making this point. https://t.co/tDUyhfkg6h
β Matthew Green (@matthew_d_green) September 26, 2023
New: a TikTok account is using facial recognition to dox random people simply for clout with its millions of viewers. Takes requests from the comments
β Joseph Cox (@josephfcox) September 25, 2023
- spoke to multiple victims, "violated"
- TikTok refuses to remove because says doesn't violate policieshttps://t.co/oPUhxZNYvT
CERN has an OnlyFan page https://t.co/fl3Jdtuujb
β Frank β‘ (@jedisct1) September 25, 2023
In the spirit of "this talk could've been a tweet", I just pushed a button:#BinDiff is now open source.
β Christian Blichmann πΊπ¦ @AdmVonSchneider@infosec (@AdmVonSchneider) September 25, 2023
- Snapshot release, no major new functionality
- Release binaries later today or tomorrow
- This is my 20% and I won't we able to act on PRs until end of Q4 (OOO traveling) pic.twitter.com/hU2q4iVsS3
In the year 2023, an Egyptian politician had malware delivered to his phone via MITM when he visited a website that was not using HTTPS.
β Eva (@evacide) September 25, 2023
This is why we must finish encrypting the goddamn web. pic.twitter.com/IGrvt3L81U
β Dr. Dan Lomas (@Sandbagger_01) September 26, 2023
So, funny story. Every cop's body cam is basically an AirTag. I did a talk at DEFCON explaining how you can detect and ID police body cams with your phone.https://t.co/1ClRShvuJC
β @nullagent@partyon.xyz βοΈ (@nullagent) September 8, 2023
The talk is now available on YouTube in 1080p HD.https://t.co/MfeToDxoGH
β @nullagent@partyon.xyz βοΈ (@nullagent) September 18, 2023
Introducing deep-TEMPEST: a deep learning method that recovers great quality images from unintentional electromagnetic emanations of HDMI. Great work (in progress) by E. Martinez, S. Fernandez and G. Varela πͺπͺ (co-mentored with @muse_pablo). Expect more news in the next weeks. pic.twitter.com/1KITQUd4PM
β Federico 'Larroca' La Rocca (@fedelarrocca) August 8, 2023
Finally. Cinema is returning. pic.twitter.com/XzgAylxXLQ
β Mike Ellis (@TheOnlyMike_E) September 25, 2023
Thread by @samwcyo on Thread Reader App β Thread Reader App
@samwcyo: Upon my return to the United States from a trip to Japan, I was directed to a secondary inspection room where I was presented with a Grand Jury subpoena by officers from the IRS-CI and DHS....β¦
feels like ransomware on this car charging station - but I guess its worse, as it wants me to install .NETπ«£ pic.twitter.com/3Zige13Cgk
β candid wueest π¨π (@mylaocoon) September 26, 2023
this piece is a fantastic example of a class instinctively defending its own. the new yorker literally can't imagine even the possibility that the bankman-frieds could be crooks who got paid millions from their son's theft. they're People Like Us.https://t.co/0TxuPuakZr
β James Palmer (@BeijingPalmer) September 26, 2023
Men love to flirt by saying things like βwow this is actually really good cable managementβ
β meg βYooperβ bitchell (@MeganBitchell) September 26, 2023
incredible chart from Caixin on just how much China's birth rate has crashed in the last seven years - the number of newborns each year has literally halved. Bear in mind that the bulk of the decline took place before covid. pic.twitter.com/FaGa0hAvSM
β James Palmer (@BeijingPalmer) September 26, 2023
New Amazon policy? " Customers seeking to perform covert adversarial security simulations and/or hosting Command and Control (C2) must submit a Simulated Events form for review." #redteamhttps://t.co/ofuNkBNcTH
β SadPanda (@sadpanda_sec) September 26, 2023
KYC-Free services at https://t.co/cbeK2niX6g. KYC-Free Crypto Exchanges, VPS Providers, VPN's....deserves to be added to https://t.co/OaBBq35ynC π pic.twitter.com/E1iciOjaMF
β The Hacker's Choice (@thc@infosec.exchange) (@hackerschoice) September 26, 2023
Introduction and practice to Linux kernel exploitation using CVE-2022-2602 as example@LukeGix: https://t.co/YEj7ldOz9f@kiks7_7: https://t.co/oyfoaewegv#Linux #kernel #exploit #infosec #cybersecurity pic.twitter.com/b26LHk1maH
β 0xor0ne (@0xor0ne) September 26, 2023
Nice catch! That's not a smart move from Intel. Now, this chapter has caught the attention of the entire research communityπ€¦ββοΈ https://t.co/sWSxK7j7vo
β Alex Matrosov (@matrosov) September 26, 2023
Our paper on our work at @oraclelabs for the past decade on The role of program analysis in security vulnerability detection: Then and now - ScienceDirect https://t.co/poM2T3kmZe
β Cristina Cifuentes (@criscifuentes) September 25, 2023
U.S. Counterintel Buys Access to the Backbone of the Internet to Hunt Foreign Hackers https://t.co/fUmlYfOsTv
β switched (@switch_d) September 26, 2023
Thread by @LauraRbnsn on Thread Reader App β Thread Reader App
@LauraRbnsn: Okay, so, storytime. I used to go to a church that had a "sex trafficking activism" group (which I've since learned is a thing, I cover it in my Hypersexuality article) where a group of...β¦
A well-designed cryptography protocol can be intimidating for many, but an approachable one is secretly much more dangerous.
β Moved to scottarc@infosec.exchange (@CiPHPerCoder) September 26, 2023
Consider JSON Web Tokens (deceptively simple to get a basic decoder), which constantly points devs' guns footward: https://t.co/bOFv1OJMEK
Writing a Debugger From Scratch - DbgRs Part 5 - Breakpoints
Writing a Debugger From Scratch - DbgRs Part 5 - Breakpoints // TimDbg
(New to this series? Consider starting from part 1) At the end of the last post, we started to get some interesting functionality with the ability to resolve addresses to names in a module. This was the last functionality missing before we could implement breakpoints! This part adds the ability for DbgRs to set hardware breakpoints. The code for this post is in the part5 branch on github. You can also view the changes from part4.
https://www.hertzbleed.com/gpu.zip/GPU.zip is a new type of side channel that exposes visual data processed on the graphics processing unit (GPU). This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression. We present the first security-centric analysis of this optimization and demonstrate that it can be abused to leak visual data. For example, using GPU.zip, a malicious webpage can leak pixels from another webpage in the latest version of Google Chrome, violating the browser security model.
