December 2, 2022

Folks, this is bad news. Very, very bad. Hackers and/or malicious insiders have leaked the platform certificates of several vendors. These are used to sign system apps on Android builds, including the "android" app itself. These certs are being used to sign malicious Android apps!

https://bugs.chromium.org/p/apvi/issues/detail?id=100

https://androiddev.social/@MishaalRahman/109440552872028377

-

-

Riley Goodside @goodside

OpenAI's new ChatGPT explains the worst-case time complexity of the bubble sort algorithm, with Python code examples, in the style of a fast-talkin' wise guy from a 1940's gangster movie:

1:39 AM ∙ Dec 1, 2022

---

-

Samuel Bendett @SamBendett

1/ QUICK THEAD that continues the topic of Russia’s dependence on Chinese and imported comments for domestic quadcopter production - additional comments from CAST, one of Russia’s main defense think tanks. More below:

Samuel Bendett @SamBendett

1/ THREAD on the Russian Telegram-based feedback about this new "Dobrynya" quadcopter from Almaz-Antey. There was a lot of discussion and commentary about this drone and what is actually needed for the war, starting with anger at the Russian defense sector. Main points below. https://t.co/EezDZqPwYc

7:13 PM ∙ Dec 1, 2022

---

-

obsessed with this article by the Android team. just looking at the graphs it's like "rust go up, exploits go down" https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html

also holy shit Android has a lot of rust code now

https://toot.cat/@Gankra/109439730353295162

-

Great followup on The Mystery of Metador by @milenkowski

Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.

https://www.sentinelone.com/labs/the-mystery-of-metador-unpicking-mafaldas-anti-analysis-techniques/

https://infosec.exchange/@hegel/109439251724708035

-

Great stuff from Kelly.

Kelly Shortridge @swagitda_

How can we waste attackers’ time, attention, and money? Can we inflict psychological damage on them? Our new paper (@JosiahDykstra + other fine folks) answers these questions, introducing the concept of “sludge” against attackers for systems resilience: arxiv.org/pdf/2211.16626…

6:09 PM ∙ Dec 1, 2022

---

-

Francisco Falcon @fdfalcon

Lured by @4Dgifts, I took a look at the new stack-based buffer overflow in FreeBSD's ping when processing ICMP responses (CVE-2022-23093): freebsd.org/security/advis… TL;DR: bug doesn't seem exploitable on FreeBSD 13.1 x64, thanks to the stack layout created by variable reordering.

9:53 PM ∙ Dec 1, 2022

---

-

blink-sun8tzu @suntzufuntzu

Man sees therapist. Says he's depressed. He's been through a humiliating divorce. His job is thankless and unfulfilling; his employees and the public hate him. "Treatment is simple" doctor says. "Go on Twitter. Elon Musk bought it and everyone's taking the piss out of him"

11:26 PM ∙ Nov 6, 2022

---

-

I stumbled on @zwol@hackers.town 's excellent blog post "I Didn’t Learn Unix By Reading All The Manpages:" https://www.owlfolio.org/research/i-didnt-learn-unix-by-reading-all-the-manpages/

I could not agree more. Manpages are excellent references, but they are absolutely not educational. So, how do you learn? Tutorials, textbooks, and most importantly, tinkering with stuff until it works.

https://ioc.exchange/@nc2y/109441898025138767

-

Sophia Benoit @1followernodad

no one is talking about how 60 monkeys can now make hands free phone calls

5:50 PM ∙ Dec 1, 2022

---

-

Walker D. Mills @WDMills1992

"Is this... anti-submarine warfare?"

9:52 PM ∙ Dec 1, 2022

---

-

cts @gf_256

GPT ripping apart BattlEye disassembly🤯

6:45 AM ∙ Dec 2, 2022

---

-