November 22, 2022

Nov 22, 2022

Lukasz Olejnik on Cyber, Privacy and Tech Policy Critique

TechLetters Insight. Why would anybody hack Electric Vehicle Charging Stations?

A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good question!”, and let's put politics aside. Let…

2 years ago · Lukasz Olejnik

A new blogpost is up! Let's take a look at kmem_guard_t in iOS 16 / macOS 13. Hope you'll find it interesting :) https://saaramar.github.io/kmem_guard_t_blogpost/

https://infosec.exchange/@amarsaar/109382833486110827

Charles Lister @Charles_Lister

I’ve worked on #Idlib for 11yrs now & thought I’d seen just about everything. But seeing a former #AlQaeda affiliate arrest one of #Europe’s most wanted fugitives, a mafia chief, and then move to ‘extradite’ him to #Italy? Not something I’d have predicted. https://t.co/ktwjMvt0lT

Charles Lister @Charles_Lister

UPDATE -- An #HTS SSG mugshot taken in #Idlib city does indeed appear to show Bruno Carbone in custody. One of #Europe's most wanted, a mafia chief on the run for years. Rumor says he's being prepped for 'extradition.' https://t.co/V7WItz16Bo

The hardest problem in computer science is to make a social network without nazis

https://hachyderm.io/@bruvik/109383481584541286

Infosec Black Friday deals for tools & software:
https://github.com/0x90n/InfoSec-Black-Friday
#blackfriday #cybermonday

https://infosec.exchange/@malwareunicorn/109385482479664936

Don't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. Everyone has something to hide, privacy is something that makes you human.

https://www.privacyguides.org

https://mastodon.neat.computer/@privacyguides/109298547978435778

@emilyposting@hachyderm.io @emilyposting_

we pwned @Tailscale❤️ ft. @JJJollyjim emily.id.au/tailscale

“If you visit my website, I am granted the honour and the privilege of executing arbitrary Javascript on your computer.”
— @emilyposting@hachyderm.io
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
https://emily.id.au/tailscale

https://infosec.exchange/@raptor/109384182834885702

Ethan Mollick @emollick

New space dystopia unlocked! This paper finds human blood protein, combined with Martian or Lunar rock, makes a substance as hard as concrete. To make it stronger by 300%, add urea "which could be extracted from the urine, sweat or tears of astronauts." sciencedirect.com/science/articl…

hardwear.io @hardwear_io

⚡Breaking into iPhone's last Security Barrier 📱Tihmstar @tihmstar presented his work on attacking the iPhone's hardware AES crypto core through an EM-side-channel in order to retrieve the hardware fused GID & UID keys 🍿Enjoy the talk▶️youtu.be/s_cnjOCegs0 #hw_ioNL2022

youtu.beUsing A Magic Wand To Break The IPhone’s Last Security Barrier by Tihmstar | hardwear.io NL 2022Abstract:----------------In this talk i will present my work on attacking the iPhone’s hardware AES crypto core through an EM-sidechannel in order to retriev...

ax🔥🌸mX @axi0mX

Amazing work. 👏 A4 GID key was not revealed in the talk, but if you look closely at @tihmstar's t-shirt, there are 260 characters. 🧐 That is an easter egg! Remove 't1hm' and you get the A4 GID key. 🤯 e77f3e9c5e6c00086aa7b68e58994a639cc360d6027c90b53eb8b3b015f72f56

A4 GID
11100111011111110011
111010011100t0101111
00110110000000000000
01000011010101010011
11011011010001110010
11001010011001010010
10011000111001110011
000011011000h0011010
11000000010011111001
00100001011010100111
1101011100m010110011
10110000000101011111
01110010111101010110

hardwear.io @hardwear_io

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ @DanielMiessler

github.comGitHub - kubeshark/kubeshark: The API traffic viewer for Kubernetes providing deep visibility into all API traffic and payloads going in, o…The API traffic viewer for Kubernetes providing deep visibility into all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster. Think TCPDump and Wiresha...

"Nearly three-quarters of the 5G network operators surveyed said they’ve experienced up to six security breaches or cyberattacks in the past year. These breaches resulted in network downtime, customer data leaks, regulatory liabilities, fraud and monetary theft.
Nearly two-thirds of the network operators surveyed said security staff spend more than 30% of their time on manual security tasks. More than 4 in 10 respondents said at least 40% of security teams’ time is spent on vulnerability and threat management tasks that could be automated."
https://www.cybersecuritydive.com/news/5g-security-breaches/636693/

https://infosec.exchange/@puftfresh/109386311003915152

NSA's Cybersecurity Speaker series talks about building in trust from the start: “Security on day one” Check out Dr. Josiah Dykstra speaking with Natalie Pittore, Enduring Security Framework chief, and Martin Goldberg, NSA’s lead for 5G standards.

https://infosec.exchange/@RGB_Lights/109385352229220131

“Looking at old #bugs is a great way to quickly find new ones.
Sometimes the patch only fixes a symptom rather than the bug.
Sometimes there can be other variants of a bug which the patch missed.
And sometimes the patch just introduces new bugs.”
— Ian Beer

https://infosec.exchange/@raptor/109386136936663469