June 21, 2022

Linux rootkit adore-ng is alive and well. Stealth wrote that code 20 years ago, and it is still going.

https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/

-

Emily Galvin-Almanza @GalvinAlmanza

Just opened a box from my grandmother's basement and here is a photo labeled "Jack's Photos Of Atom Bomb" and... apparently my great uncle was able to capture this. In Nevada.

6:49 PM ∙ Jun 19, 2022

---

-

New York Times Pitchbot @DougJBalloon

Opinion | Prosecuting Trump would have a chilling effect on future presidents' ability to undermine elections.

1:18 PM ∙ Jun 20, 2022

---

-

-

CVSS is bad, and it should feel bad.

Thomas H. Ptacek @tqbf

In case you don’t work in software security: the CVSS is the “standard” device for assigning a numeric severity (0-10) to a vulnerability. And it’s a terrible mess that you should not take very seriously. The best critique I’ve read to date:

theoryof.predictable.softwareA closer look at CVSS scores :: Theory of Predictable Software

6:26 PM ∙ Jun 20, 2022

---

-

Stef Schwartz @stefschwartz

jurassic park is the most realistic disaster movie series because every time, they have the same problem over and over again and nobody ever learns from it or tries anything a different way

11:27 PM ∙ Jun 19, 2022

---

-

Your Broke Professor @Synapsid

hey i skimmed your tweet and saw some words i recognize. anyway here's my opinion on what i imagine you said

5:01 PM ∙ Jun 2, 2022

---

-

Stef Schwartz @stefschwartz

jurassic park is the most realistic disaster movie series because every time, they have the same problem over and over again and nobody ever learns from it or tries anything a different way

11:27 PM ∙ Jun 19, 2022

---

-

History of the saying, “when it rains, it pours.” Which is fascinating.

https://historydaily.org/history-morton-salt-girl-umbrella

-

This thread is a contender for best on the internet.

https://www.tripadvisor.com/ShowTopic-g293809-i9491-k4796903-Vegetarian_Vegan_Madagascar-Antananarivo_Antananarivo_Province.html

-

This is a great story.

Bert Hubert 🇺🇦 @bert_hu_bert

A fun decryption story! In 1914, The Netherlands sent a peace mission to Albania (I did not know this either). The mission commander, Major Lodewijk Thomson, was killed in battle under circumstances that are still unclear. And we'd love to know! en.wikipedia.org/wiki/Lodewijk_…

7:48 AM ∙ Jun 21, 2022

---

-

The Register @TheRegister

One wonders why they don't build Cloudflare out of the same stuff as the Cloudflare status page 🤔

Cloudflare @Cloudflare

The issue has been identified and a fix is being implemented.

7:17 AM ∙ Jun 21, 2022

---

-

Horkos 🌻 @WylieNewmark

Recent CNN reporting on possible Russian strategies for interfering with the 2022 elections has me re-watching @C_C_Krebs's keynote at @CYBERWARCON 2021, where he discussed FSB Center 16 activity circa 2020 (at 12:37 and revisited at 18:42)

youtu.beCYBERWARCON 2021 - Keynote - Chris KrebsCYBERWARCON 2021, November 16, 2021, Arlington, VAPresentation by Chris Krebs, Krebs Stamos Group

3:37 AM ∙ Jun 21, 2022

---

-

A look at the modern history of irregular warfare in Ukraine.

https://mwi.usma.edu/from-little-green-men-to-tanks-outside-kyiv-irregular-warfare-in-ukraine-since-2014/

-

Dave Aitel reviewed that Atlantic council paper from a while ago.

Paper: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/victory-reimagined/

Review:

https://cybersecpolitics.blogspot.com/2022/06/the-atlantic-council-paper-and.html

-

Crypto isn’t broken, it’s bypassed.

Haley Britzky @halbritz

A *chef’s kiss* moment from today with Team 41 — during the mystery event, competitors were instructed to decode a message which would include the key to unlock the box. *Technically* the instructions didn’t say you had to decode the key first…

10:51 PM ∙ Apr 9, 2022

---

-

𝖒𝖎𝖈𝖍𝖆𝖊𝖑 𝖈𝖚𝖗𝖟𝖎 @michaelcurzi

I succumb to horror & nausea as the holodisplay shows the last shreds of human civilization obliterated by the computronium shockwave. In 43 minutes, it will reach me on the station. It’s over. “Could we have done anything about it?” I weep. “There were… signs,” the AI admits.

11:51 PM ∙ Jun 18, 2022

---

-

Lukasz Olejnik @lukOlejnik

Turns out pre-internet-age information operations are easiest. Information/PSYOP operators have a hard time when internet is available, many media exist, people are not illiterates. Who would have thought that it necessitates equally intelligent approach… mwi.usma.edu/data-as-a-weap…

11:45 AM ∙ Jun 21, 2022

---

-

Lukasz Olejnik @lukOlejnik

Excellent security analysis of non-fungible tokens (NFTs). Even more important since NFTs may sometimes be ridiculed by some. Yet, they carry value (=someone is paying for it), so basically this is a tangible security topic. Ignorance is unfortunate. arxiv.org/pdf/2111.08893…

12:04 PM ∙ Jun 21, 2022

---

-

Are blockchains decentralized? From Trail of Bits some security analysis on blockchains. They find some novel attacks and do a lot of other research. In particular they point out how network control can be used (by dropping packets) to lower the hash rate needed for a 51% attack. Given that 55% of Bitcoin nodes are only available via Tor, and 20% of Bitcoin nodes run old software…

I would just say, I think whatever attacks they found can’t be that trivial to implement because they didn’t implement them and steal billions of dollars of crypto. Just as a Proof of Concept. Of course. Bug bounty?

https://blog.trailofbits.com/2022/06/21/are-blockchains-decentralized/

-