September 6, 2022

                September 7, 2022

            September 6, 2022

            [Substack doesn’t send emails unless you exit the editor. Even when scheduled. It doesn’t alert your either. I know this now.]
I’ll point out that weather is one of the things I mention as a sensitive indicator that should be protected (in my 2012 OPSEC talk.)
That said, I’m not blaming anyone for having mistakes in their OPSEC. Humans make mistakes. That’s life. I had poor OPSEC for a decade plus before getting more serious, but mistakes only accumulate…
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

🌬Doctrix Snow @MistressSnowPhD
I am—well, I was—great at opsec. I got doxxed on 🥝farms because someone spent 50+ hours trying to nail me down until he ultimately “compare[d] her tweets to weather history to determine her city, and complied a parametric list of all the profs in nyc and went from there.” Kathryn Gibes 🏳️‍⚧️✨ @TransSalamanderKiwiFarmers will tell you what you SHOULD do is just be better at opsec, but the implied second part of that advice is "and leave us alone to do our terrorism"

Since when are we taking these guys' advice on anything?3:34 AM ∙ Aug 29, 2022
3,004Likes683Retweets-
In related OPSEC news Signal has a new president. This role is recently created and I guess there is an interesting back story about why the organisation is doing this. I however, do not know it.

https://signal.org/blog/announcing-signal-president/

Congratulations to the new President, Meredith Whittaker [Wikipedia]. A commenter on HN said: 
“She's the lady who was fired by Google in retaliation for organizing the walkouts that protested the big payout Andy Rubin got despite being found guilty of sexual harrassment.”
-
john @mrjohndarby
in the 90s the internet used to scream at you when you tried to enter and they should never have taken that warning away11:52 PM ∙ Sep 3, 2022
20,920Likes4,220Retweets
-
Tabatha @tabdido
whats wrong babe you've hardly touched any of the domains you bought1:09 PM ∙ Sep 5, 2022
5,866Likes659Retweets
-
Eduardo García-Molina @eduardo_garcmol
As promised, here is my initial write-up of the ways the Seleukids are depicted in video games. It is a bit of a long one, though there is more to discuss.

Come for the heated anchor discussion, stay for a sexy take on Antiokhos III in a mobile game.

anotherclassicsblog.wordpress.comThe Seleukid Empire in Video GamesA Summation of the Digitization and Implementation of “Hellenization” *Due to the heavy amount of pictures and the formatting quirks of this site, I recommend you read this post on a ta…1:33 PM ∙ Sep 2, 2022
136Likes24Retweets
-
Alexei Bulazel @0xAlexei"SOK: On the Analysis of Web Browser Security"

Excellent paper on the state of the art in web browser security, putting in writing a lot of understanding and intuition about the area held by vulnerability researchers and platform developers

arxiv.org/abs/2112.15561
6:31 PM ∙ Sep 5, 2022
37Likes11Retweets
-
Dennis @DennisF
This is exactly how emails work 
max homa @maxhoma23
If I don’t look at my emails then they and all the responsibilities that come with them don’t exist to me5:05 PM ∙ Sep 5, 2022
62Likes15Retweets
-
Jeff @usedwigs
Hi, I’m your waiter Jeff, let me tell you about The Specials. The Specials are an English 2 Tone ska revival band from Coventry, England…12:18 AM ∙ Feb 1, 2013
2,449Likes1,080Retweets
-
Dan Williams @danwilliamsphil
I wrote a short piece on why the recent panic surrounding misinformation is misguided and how the concept of rationalisation markets is superior for understanding many forms of epistemic dysfunction in political and cultural media (1/17). blogs.lse.ac.ukThe focus on misinformation leads to a profound misunderstanding of why people believe and act on bad informationMisinformation has been a prominent paradigm in the explanation of social, political, and more recently epidemiological phenomena since the middle of the last decade. However, Daniel Williams argue…10:22 AM ∙ Sep 5, 2022
714Likes197Retweets
-
Steven J. Vaughan-Nichols @sjvn
Nevertheless, I prefer cats. 
1:58 PM ∙ Sep 4, 2022
2,471Likes586Retweets
-
Linux Kernel Security @linkersec
An exploit primitive in the Linux kernel inspired by DirtyPipe

A brief description of an exploitation technique inspired by the DirtyPipe vulnerability.

github.comGitHub - veritas501/pipe-primitive: An exploit primitive in linux kernel inspired by DirtyPipeAn exploit primitive in linux kernel inspired by DirtyPipe - GitHub - veritas501/pipe-primitive: An exploit primitive in linux kernel inspired by DirtyPipe6:41 PM ∙ Sep 5, 2022
69Likes27Retweets
-
Alexei Bulazel @0xAlexei"Examining Zero-Shot Vulnerability Repair with Large Language Models" from @kiwihammond et al (@moyix)

Interesting to see recent AI advances provide massive breakthroughs solving cyber problems where formal approaches have struggled to scale

arxiv.org/abs/2112.02125
1:04 AM ∙ Sep 6, 2022
31Likes8Retweets
-
Carlos Fenollosa @cfenollosaAfter self-hosting my email for twenty-three years I have thrown in the towel 😩

Email is now an oligopoly, a service gatekept by a few big companies which does not follow the principles of net neutrality.5:51 PM ∙ Sep 4, 2022
13,274Likes4,032Retweets-
J. A. Guerrero-Saade @juanandres_gs
I've been rather glib in addressing this CN report on 'TAO' malware at Northwestern Polytechnical University in China. So what do we really learn from this?10:27 PM ∙ Sep 5, 2022
88Likes30Retweets
-
Cain Maddox @ctrlshifti
girls who code has been funded by raytheon for a while now and i think it's the best example of how 99% of these "learn to code" institutions don't exist to help underprivileged people; they exist to get them complicit in the oppression of others
vice.com‘Girls Who Code’ Team Up With Tomahawk Missile Maker RaytheonThe defense manufacturer has partnered with the STEM oriented nonprofit to provide leadership and technical training to college students.11:07 PM ∙ Sep 5, 2022
204Likes54Retweets
-
This paper was linked last week, but here’s some nice highlights 

https://www.tandfonline.com/doi/full/10.1080/02684527.2022.2090741

Electrospaces @electrospaces
Some interesting quotes from the interview:

"Few people in GCHQ have any idea how much information about Sigint is available in the public domain, and not many more know how much reasonable discussion is going on in the area of privacy and security."
7:34 AM ∙ Sep 6, 2022
4Likes1Retweet
Electrospaces @electrospaces
"As for ‘Intelligence Studies’, I didn’t really understand the subject [...] #GCHQ, at least, is an intensely pragmatic organisation, and I don’t think that establishing theoretical constructs around the way #Sigint works connects in any realistic way to the way we work."7:37 AM ∙ Sep 6, 2022
4Likes3Retweets
-
Andrew Small @ajwsmall
Having started to read the very interesting new book by @RichardKerbaj the striking thing is that the US case on the 5G question and the UK is precisely the opposite of the version that GCHQ (and former officials there) are still briefing 1/5 
🇨🇳 Beijing to Britain 🇬🇧 @BeijingToBritNEW: Matt Pottinger, US deputy national security adviser, 2019-21, has written to The Times with his version and account of the 5G and Huawei story.

https://t.co/6xJdM3lXd0 https://t.co/ZkFr4XeYm010:24 AM ∙ Sep 6, 2022
27Likes5Retweets
-
MF FairyPrincessSmoo @Smooheed
All I'm saying is, maybe that lamp post walked into me11:06 PM ∙ Mar 18, 2015
146Likes88Retweets

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

                Don't miss what's next. Subscribe to the grugq's newsletter: