April 16

Sabotage of railways from Belarusian partisans has inspired Russians. And, apparently, been conducted by Belarusian partisans. We saw partisans get kneecapped in Belarus, and I fear they’ll be executed if Russia catches them.

Belarusian Hajun project @MotolkoHelp

Successful rail sabotage has already taken place in 4 regions of Russia, the Community of Belarusian railway workers reports. It is known that over the last 2 weeks, rail partisans have damaged railroad tracks in Bryansk, Orel, Smolensk and Kursk regions of Russia. 1/2

11:40 AM ∙ Apr 15, 2022

---

Belarusian Hajun project @MotolkoHelp

Special devices are installed in relay cabinets, which work on timer and completely burn out the internal equipment of the relay cabinet. Belarusian initiative Busly Liatsiats take responsibility for some of the partisan actions carried out on the Russian railroad. 2/2

11:40 AM ∙ Apr 15, 2022

---

---

A measured response to a very wrong opinion piece.

Dan Black @DanWBlack

How are we almost two months into a war and still fielding claims that the cyber attacks originating from one of the militaries prosecuting said war are somehow "below the level of armed conflict?"

5:20 PM ∙ Apr 15, 2022

---

---

Berry (Rune Arc) @bloodberry_tart

twitter is a game and the objective is to never have to make a tweet that starts like this

5:48 PM ∙ Apr 15, 2022

---

---

Algorithms. Not just for YouTubers anymore.

https://www.politico.eu/article/dutch-scandal-serves-as-a-warning-for-europe-over-risks-of-using-algorithms/

%

Sputnik @Sputnik_Not

Putin personally awards crew of Moskva with Order of Courage for destroying two Ukrainian missiles

9:46 AM ∙ Apr 15, 2022

---

---

TikTok lawyers with the OPSEC advice.

Makena Kelly @kellymakena

idk, i trust this guy

2:53 PM ∙ Apr 15, 2022

---

---

Mini rant:

Lots of analysis is showing up explaining why Russia is *obviously* doing badly. Thing is, it’s a lot easier to predict things that happened in the past. I respect the analysis, but, seriously, I saw a YouTube channel with, in reverse chronological order: “why Russia is losing”…”no, Russia will not invade Ukraine”…”Russias formidable main battle tanks”

I’m not saying don’t get it wrong, I’m saying that I have a hard time listening to someone who doesn’t even talk about how and why they got it wrong. Bonus for incorporating those lessons into future analysis.

---

GitHub discovered that Heroku and Travis-CI OAuth tokens were stolen and being used to do nefarious shit in GitHub repos.

[Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog](https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/)

[Heroku Status](https://status.heroku.com/incidents/2413)

---

This is a great article on the use of electronic warfare in the modern battlefield. There’s analysis on what needs to be done right, what Russia appears to be doing wrong and why, leading to what the consequences are.

https://www.thedefensepost.com/2022/04/13/russia-electronic-warfare-failure-ukraine/

---

Webex totally accidentally send audio data when it claimed that it was muted. Seems like someone is doing good research on shifty software.

The Register @TheRegister

FYI: After Cisco's Webex app was spotted sending audio telemetry even when muted, the IT giant told us it has made changes so that the software no longer transmits microphone data. This is part of a study on what chat app mute buttons actually do

theregister.comCisco’s Webex phoned home audio telemetry even when mutedStudy finds turning sound off in a range of applications doesn’t always cut the mic

7:02 PM ∙ Apr 15, 2022

---

---

The research

Surveillance Killjoy @hypervisible

Bad news for folks (like me) who thought “mute mic” meant no sound was being transmitted.

thenextweb.comMuting your mic reportedly doesn’t stop big tech from recording your audioThink your muted? Better think again. A team of researchers found out Big Tech keeps recording when you mute.

3:35 PM ∙ Apr 15, 2022

---

---

Keep up to date on what out of date crap is being exploited in the wild.

boB Rudis 🇺🇦 @hrbrmstr

I've been working on an Rmd report summarizing the CISA KEV catalog every time it updates (it is not automated yet). It'll eventually auto-publish to the GH pages (hrbrmstr.github.io/cisa-known-exp…) of the archiving repo (github.com/hrbrmstr/cisa-…).

github.comGitHub - hrbrmstr/cisa-known-exploited-vulns: Daily archiver for CISA’s Known Exploited Vulnerabilities listDaily archiver for CISA’s Known Exploited Vulnerabilities list - GitHub - hrbrmstr/cisa-known-exploited-vulns: Daily archiver for CISA’s Known Exploited Vulnerabilities list

10:56 AM ∙ Apr 16, 2022

---

---

Starting with Grammarly and then going into broader discussions of third party software and security. See also the reports about software lying about the mute feature above.

https://theroute.io/the-requirement-for-telemetry-assesments/

---

Bad scholarship is dissected and the problem of citation repetition eventually making bad papers’ findings canon.

Carl T. Bergstrom @CT_Bergstrom

1. "The pandemic proves that people don't understand exponential growth," various folks have quipped. Perhaps that's true. You know the claim about how people are terrible at estimating exponential growth rates, and the classic study it's based on? It's hopelessly flawed.

5:29 AM ∙ Apr 16, 2022

---

---

We come full circle, as the new video from Dave Aitel addresses the short comings of the same article Dan Black had issues with above.

---

Missed this at the time. Singapore starts licensing security vendors.

https://www.zdnet.com/article/singapore-begins-licensing-cybersecurity-vendors/