July 21, 2022
Emotional moment today as one of the longest-serving former members of the U.N. Human Rights Council (left) meets one of the newest members of the U.N. Women's Rights Commission.
-
The @GCHQ and @NCSC proposals for child safety surrounding end-to-end encryption all amount to a single premise: that messenger software should [be forced to] lie to its users regarding the privacy that it provides.
See: alecmuffett.com/article/16208
-
OPSEC
-
Beijingology 2.0: Bridging the "Art" & "Science" of China Watching in Xi Jinping’s New Era (2022) doi.org/10.1080/088506…
Research article by Sverdrup-Thygeson & Stenslie, in Int'l J. of Intel & Counterintel (@Intel_IJIC). Open Access.
At @intelNewsOrg: intelnews.org/2022/07/21/01-
-
TAG reports on cyber activity in Eastern Europe. Quite a nice summary.
More here:
-
Thailand says it used Pegasus in national security cases. It is worth remembering that national security has different meanings in different countries.
-
Analyzing iOS 16 Lockdown Mode: Browser Features and Performance
https://www.sevarg.net/2022/07/20/ios16-lockdown-mode-browser-analysis/
-
[CVE-2022-34918] A crack in the Linux firewall
https://www.randorisec.fr/crack-linux-firewall/
-
A prime example of the whack-a-mole game of sandbox escaping (and yet another way to abuse python 🐍)
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
microsoft.com/security/blog/…
-
I was looking at some vuln code snippets for a thing I'm making and stumbled across this. At first I was like "do they mean extern? huh, are they making a symlink? wait, wut?". It didn't make any sense and I couldn't think of a reason why. Then I looked "printf external link" up.
-
NFT collector loses 100 ETH (~$150,000) in a joke gone wrong
July 20, 2022
web3isgoinggreat.com/?id=collector-…
-
dunno if that applies here but a typical pattern is:
1. create an internal interface X "obviously never attacker-exposed", so not "protected"/tested
2. product redesign || code reuse || new features || etc.
3. X now "attack surface"
💥
Haifei Li @HaifeiLi
-
RAND: Options for Strengthening All-Source Intelligence (July 2022) rand.org/pubs/research_…
Study finds inadequacies in:
- IC use of OSINT
- safeguards re: political bias in analysis & diss.
- warning re: foreign attacks on non-govt sectors
DDL (.pdf, 51p) rand.org/content/dam/ra…
-
Vast majority of customer data of German energy provider Entega leaked on the Darknet by Russian group Black Cat after they refused to pay ransom. Only 10 per cent assumed to include bank account data... @thegrugq
Wow. As ordered by a Turkish govt agency, internet service providers in Turkey provide hourly activity logs of all users, complete with the user's full name, IP, name of website/app opened, what time it was opened and for how long. Insane mass surveillance, jaw-dropping investigation
Medyascope @medyascope
-
It's time for another "Show & Tell" session by Meme master @testanull - Gitlab Project Import RCE Analysis (CVE-2022-2185)
@_jsoo_ thinks it was full of images and a lengthy blog post :P
Grateful for our co-worker, Frances for editing it.😘
starlabs.sg/blog/2022/07-g…
-