December 14, 2022

Administrivia: The holidays are coming up fast and output from the infosec community is slowing down. I will be taking time off as well. I haven’t figured out the exact dates, but definitely for 24th through the 2nd. Possibly a reduced posting schedule until then.

-

Justine Tunney @JustineTunney

My dream has finally come true. I've been working on a 160kb virtual machine named Blink. It's now capable of emulating programs as complex as GCC and Qemu. We can now vendor Linux toolchain binaries in our build configs and have them run across platforms. github.com/jart/blink

9:41 AM ∙ Dec 13, 2022

---

-

pourmecoffee @pourmecoffee

This should be every lede in 2022.

4:15 AM ∙ Dec 14, 2022

---

-

Mobile tech is a duopoly run by two companies - Google and Apple - with a combined market cap of $3.5 trillion. Each company uses a combination of tech, law, contract and market power to force sellers to do commerce via an app, and each one extracts a *massive* commission on all in-app sales - 15-30%!

1/

https://mamot.fr/@pluralistic/109508291802115793

-

Tashy McTashface @TashP351

My friends daughters hamster has been missing and feared dead for almost 2 weeks now. Last night she forgot to wash up the paint tray after a day of decorating. We now think the hamster may still be alive…

5:21 PM ∙ Aug 10, 2021

---

-

Rskvp93 @rskvp93

MSRC released the patch for our "TabShell" vulnerability (msrc.microsoft.com/update-guide/e…). This is a nice bug chain to RCE Exchange on-premises, Exchange Online, Skype for Business Server (may be SFB Online+Teams too but can't find its powershell remote endpoint) with @_q5ca @hoangnx99

msrc.microsoft.comSecurity Update Guide - Microsoft Security Response Center

4:12 AM ∙ Dec 14, 2022

---

-

Bert Hubert 🇺🇦 @bert_hu_bert

In the world of high-tech, Europe is exceptionally weak at innovating. We often blame this on regulation. Here I want to talk about how we may only have ourselves to blame by underpaying technologists and not really valuing technology anyhow:

berthub.euIs Europe Just Not Good at Innovating? - Bert Hubert’s writingsThis article is part of a series on (European) innovation and capabilities. Feedback is very welcome on bert@hubertnet.nl. I’d also like to thank the many proofreaders, but all mistakes remain mine! In the world of (high) technology, Europe is exceptionally weak at innovating. There are many ways to…

5:00 PM ∙ Dec 13, 2022

---

-

A look at why so much spam is getting through Gmail recently.

https://www.cnbc.com/2022/12/12/why-youve-been-getting-so-much-gmail-spam-about-yeti-coolers-.html

Via: https://infosec.exchange/@Ginger_hax/109511847409279018

-

To this day one of the most common typos on vendor assessment questionnaires is the question “do you check your environment for rouge wireless access points?”, and the only acceptable way to answer is “yes, our bleu team does this quarterly”

https://infosec.exchange/@SecureOwl/109510717621851113

-

Fantastic talk by @Quinnypig@awscommunity.social on failure. True to style this is very different to the usual inspirational talks on these topics, but at the same time connects more profoundly and personally than most like it. Well worth the 20 minutes.

https://mastodon.social/@sufw/109510363825279136

-

Tomasz Oryński @TOrynski

I am watching a movie clips about @elonmusk's Tesla Semi - remember, the truck that was to revolutionize the transport industry when it entered the market 4 years ago 🤡 And I am going to tell you'all why it is a completely stupid vehicle. And I won't even want to talk about (1)

9:40 PM ∙ Dec 8, 2022

---

-

cackerman21 @cackerman21

Fuzz introspector - tool for fuzz devs: understand fuzzer performance; aggregate hit frequency, entry points, potential blockers, bottlenecks: birds eye view of fuzzer github.com/ossf/fuzz-intr…

11:24 AM ∙ Dec 14, 2022

---

-

Nikita Tarakanov @NikitaTarakanov

Congrats to @isciurus and me for finding kernel LPE in iOS that has been fixed today in iOS 16.2

10:17 PM ∙ Dec 13, 2022

---

-

GCHQ @GCHQ

📣 The 2022 #GCHQChristmasChallenge is here! Have you got what it takes to solve our fiendish brainteasers, assemble the @what3words addresses and find the hidden message? Your time starts now. Good luck! ⬇️ gchq.gov.uk/gchqchristmasc… 🧵 1/4

gchq.gov.ukThe GCHQ Christmas Challenge 2022The Challenge returns for a second year with a series of fiendish brainteasers and a final twist!

7:00 AM ∙ Dec 14, 2022

---

-

Troy Hunt @troyhunt

Oh hey, here’s a good blog post on that 😊 troyhunt.com/these-cookie-w…

troyhunt.comThese Cookie Warning Shenanigans Have Got to StopThis will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don’t know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: > I’m not sure if this makes it better or

6:23 PM ∙ Dec 12, 2022

---

-

Matteo Vergani @teoverga

My take on the Queensland shooting for @RadioNational Thanks @Kath_Robinson10 #ASC320 How and when do conspiracy theories translate into targeted violence? @CRISconsortium @Deakin_ADI @DeakinSociology @AvertResNet @deakinresearch

abc.net.auPolice look into the motives behind this week’s fatal ambush - ABC Radio NationalA long and complex investigation is now underway into the fatal police shooting in Queensland’s Western Downs and authorities are expected to look closely at the online activities of the attackers in the lead up to the ambush. Two police officers, aged in their 20s, were shot dead while they were…

9:57 AM ∙ Dec 14, 2022

---

-

cje 🌻 @caseyjohnellis

this is a great read

therecord.mediaShould Ukraine rein in its patriotic hackers?With the war with Russia coming up on its one-year mark, the Ukrainian government is indicating it’s time to better regulate cyberspace.

9:12 AM ∙ Dec 14, 2022

---

-

That One Show With Bryan Combs @ThatOneShowBC

This is the greatest achievement in human history. It will never be topped.

2:07 AM ∙ Dec 14, 2022

---

The rider is El Chompas De La Guadalupe, and he is pretty badass. The “trick” is basically hooks on the boots used to lock onto the bull.

-

Colby Badhwar 🇨🇦🇬🇧 @ColbyBadhwar

The mud is absolutely unreal. This MT-LB is swimming. Ukraine's wheeled vehicles are basically useless in these conditions.

6:41 PM ∙ Dec 13, 2022

---

-

Internet makes war weird in weird ways.

https://warontherocks.com/2022/12/disentangling-the-digital-battlefield-how-the-internet-has-changed-war/

-

Today on Risky Biz:

I just posted this week's weekly show:

Episode #689:

• FBI baulks at Apple plan to introduce user-encrypted backups

• Twitter ices e2ee plans for DMs

• RackSpace sued over its hosted Exchange ransomware incident

• Dodgy drivers: Microsoft signs off on badness

• Japan to change laws, release the Shiba Inus

• A look at the US NDAA

• Much, much more

RSS: https://risky.biz/feeds/risky-business/

Web: https://risky.biz/RB689

https://infosec.exchange/@riskybusiness/109510296205022063

-