New: the IRS wants to buy an internet mass monitoring tool. This tool allows investigators to see what is happening on the wider internet beyond their own network; asks for "65 days traffic history." The tool can be used to trace activity through VPNs
-
-
Investigators "say the boat may have been a decoy, put to sea to distract from the true perpetrators, who remain at large"
Ellen Nakashima @nakashimae
-
Between two nerds
Compare and contrast two operations in 2016.
-
-
A good attack technique is to blend in with infosec noise and look like a false positive. It will give your attack a greater window of opportunity.
-
🚨🚨
BREAKING: Genesis Market, one of the world’s largest platforms for cyber fraud, has just been seized in an FBI-led operation involving more than dozen international partners.
Story here: therecord.media/genesis-market…
-
Interesting changes in ad policy by Meta to ensure transparency. Not sure how effective they’ll be.
Buying ads on political etc. topics requires government issued photo ID
The ads will display a “Paid for by” message and a link to the account of the purchaser
There will be a publicly accessible, searchable, database of all ads
https://www.nationthailand.com/thailand/general/40026343
-
-
New attack against always on microphone AI assistants.
https://www.theregister.com/2023/04/04/siri_alexa_cortana_google_nuit/
-
-
-
To the lady at Costco with her son on a leash. I'm sorry that I asked if he was a rescue.
The profanity wasn't necessary but thank you for not siccing him on me.
-
We put GPT-4 in Semgrep to point out false positives & fix code
“We added GPT-4 to our cloud service to ask which findings matter before we notify developers. We also tried to have it automatically fix these findings, and its output is often correct.”
-
it may be one of my more controversial legal opinions but if you steal something larger than a very large man and no one catches you in the act of doing it or transporting it or hiding it, you should not be able to be charged with a crime
real weird sickos @realweirdsickos
-
So I'm sure all are aware my RAV4 was stolen last year, ironically via "CAN Injection 🚘💉". Myself and @kentindell have been reverse engineering the device that I beleive was used for the theft. More details are on his blog kentindell.github.io/2023/04/03/can…
-
🧵 Yesterday we published my interview with the commander of the National Cyber Force (economist.com/britain/2023/0…), timed w/ publication of its paper "Responsible Cyber Power in Practice". I wanted to share a few more highlights of the interview, which I couldn't fit into the piece.
Shashank Joshi @shashj
3/ One example of that is shift in framing of cyber. In middle of last decade was "red button": big effect at key moment, or retaliatory option. Even the National Offensive Cyber Programme (NOCP), initiated in 2014, was about developing "slightly red-button-like" capabilities.
7/ Another e.g. of learning is how cyber integrates w/ military. In "early years", says Babbage, it was assumed offensive cyber would be delivered via "fighting platforms" at tactical level. Now "we're tending to find more utility for cyber [at] operational and theatre level"
8/ That doesn't mean no tactical effects. Babbage: "What we're finding now is that beyond that tactical [electronic warfare] activity there is there are cyber effects that you might need to have locally for force protection reasons" (e.g. defence.nridigital.com/global_defence…)
11/ Obvious, perhaps, but cyber power depends on leveraging dependencies of target. Babbage: "the more distant they are in geography and the more dependent they are on cyber and digital technologies to communicate at all, then the stronger the power of cyber." C4ISR = leverage.
15/ NCF paper mentions "blocks of capabilities". What does this mean? In past capabilities often designed for a particular conflict or crisis. Now focus is on those "that can be repurposed more in the moment." Babbage points to GRU use of edge devices (scmagazine.com/analysis/asset…).
23/ Persistent engagement has downsides, too: a sort of cyber innoculation. "We're cautious about offering strength training for adversaries...it's about the cognitive impact [&] you definitely need to engage persistently, but you need to be thoughtful about the long term impact"
-