April 5, 2023

Apr 05, 2023

New: the IRS wants to buy an internet mass monitoring tool. This tool allows investigators to see what is happening on the wider internet beyond their own network; asks for "65 days traffic history." The tool can be used to trace activity through VPNs

vice.com

IRS Wants to Buy Internet Mass Monitoring Tool

1:11 PM · Apr 4, 2023

118 Reposts · 259 Likes

memenetes@memenetes

When you first start using kubernetes

4:00 PM · Apr 3, 2023

241 Reposts · 1.19K Likes

Kim Zetter@KimZetter

Investigators "say the boat may have been a decoy, put to sea to distract from the true perpetrators, who remain at large"

Ellen Nakashima @nakashimae

NEW: Investigators and western security officials are skeptical that the Andromeda yacht alone blew up the Nord Stream pipelines – and suspect it may be a decoy. By @shaneharris @smekhennet @LovedayM @michaelbirnbaum @BradyinBerlin https://t.co/jernPnyKlS

12:56 PM · Apr 4, 2023

5 Reposts · 14 Likes

Between two nerds

Compare and contrast two operations in 2016.

https://risky.biz/BTN31/

Ryan Naraine@ryanaraine

This is still itw 0day

3:22 PM · Apr 4, 2023

4 Reposts · 19 Likes

Chris Wysopal@WeldPond

A good attack technique is to blend in with infosec noise and look like a false positive. It will give your attack a greater window of opportunity.

theregister.com

3CX decided supply chain attack indicator was false positive

3:33 PM · Apr 4, 2023

8 Reposts · 13 Likes

Alexander Martin@AlexMartin

🚨🚨 BREAKING: Genesis Market, one of the world’s largest platforms for cyber fraud, has just been seized in an FBI-led operation involving more than dozen international partners. Story here: therecord.media/genesis-market…

5:54 PM · Apr 4, 2023

92 Reposts · 189 Likes

Interesting changes in ad policy by Meta to ensure transparency. Not sure how effective they’ll be.

Buying ads on political etc. topics requires government issued photo ID

The ads will display a “Paid for by” message and a link to the account of the purchaser

There will be a publicly accessible, searchable, database of all ads

https://www.nationthailand.com/thailand/general/40026343

Adam Cerious@Browtweaten

just got back from this year's FibonacciCon and it was as big as the last two put together

7:11 PM · Apr 4, 2023

1.12K Reposts · 7.01K Likes

New attack against always on microphone AI assistants.

https://www.theregister.com/2023/04/04/siri_alexa_cortana_google_nuit/

Matt Waller@wattmaller1

I just got wrecked by GPT 3.5 when playing … pick a number. I did not anticipate the outcome

12:58 AM · Mar 31, 2023

80 Reposts · 697 Likes

Nathan McNulty@NathanMcNulty

Come on Microsoft, this was totally avoidable - just stop renaming things Also, Clou dAlert, lolol

1:17 AM · Apr 4, 2023

110 Reposts · 954 Likes

Destry@DestryBrod

To the lady at Costco with her son on a leash. I'm sorry that I asked if he was a rescue. The profanity wasn't necessary but thank you for not siccing him on me.

10:54 AM · Mar 21, 2018

36.5K Reposts · 155K Likes

raptor@infosec.exchange@0xdea

We put GPT-4 in Semgrep to point out false positives & fix code “We added GPT-4 to our cloud service to ask which findings matter before we notify developers. We also tried to have it automatically fix these findings, and its output is often correct.”

semgrep.dev

We put GPT-4 in Semgrep to point out false positives & fix code

6:52 AM · Apr 5, 2023

13 Reposts · 24 Likes

🌲🥦☭ Treezy the Magnanimous 707er ☭🌉🌉@coryandtreezy

it may be one of my more controversial legal opinions but if you steal something larger than a very large man and no one catches you in the act of doing it or transporting it or hiding it, you should not be able to be charged with a crime

real weird sickos @realweirdsickos

https://t.co/oEHkzX7TAk

7:02 AM · Apr 5, 2023

1.34K Reposts · 10.7K Likes

Ian Tabor@mintynet

So I'm sure all are aware my RAV4 was stolen last year, ironically via "CAN Injection 🚘💉". Myself and @kentindell have been reverse engineering the device that I beleive was used for the theft. More details are on his blog kentindell.github.io/2023/04/03/can…

kentindell.github.io

CAN Injection: keyless car theft

5:06 PM · Apr 4, 2023

48 Reposts · 97 Likes

Shashank Joshi@shashj

🧵 Yesterday we published my interview with the commander of the National Cyber Force (economist.com/britain/2023/0…), timed w/ publication of its paper "Responsible Cyber Power in Practice". I wanted to share a few more highlights of the interview, which I couldn't fit into the piece.

Shashank Joshi @shashj

Today the National Cyber Force publishes a doctrine, "Responsible Cyber Power in Practice" & publicly avows its commander, GCHQ's James Babbage. Below, my interview with him. We discussed NCF's "doctrine of cognitive effect" & offensive cyber more broadly https://t.co/JQBqokoyQf

9:28 AM · Apr 5, 2023

27 Reposts · 79 Likes

Shashank Joshi@shashj

3/ One example of that is shift in framing of cyber. In middle of last decade was "red button": big effect at key moment, or retaliatory option. Even the National Offensive Cyber Programme (NOCP), initiated in 2014, was about developing "slightly red-button-like" capabilities.

9:28 AM · Apr 5, 2023

1 Repost · 9 Likes

Shashank Joshi@shashj

7/ Another e.g. of learning is how cyber integrates w/ military. In "early years", says Babbage, it was assumed offensive cyber would be delivered via "fighting platforms" at tactical level. Now "we're tending to find more utility for cyber [at] operational and theatre level"

9:28 AM · Apr 5, 2023

7 Likes

Shashank Joshi@shashj

8/ That doesn't mean no tactical effects. Babbage: "What we're finding now is that beyond that tactical [electronic warfare] activity there is there are cyber effects that you might need to have locally for force protection reasons" (e.g. defence.nridigital.com/global_defence…)