Vulns/PoCs != reliable weaponised exploit chains.
So can we stop comparing bug bounties to exploit brokers?
Systemd has a bug where user names starting with a digit cause the user daemon to run with root privileges. According to the creator of systemd, this is not a bug and everything is fine. The reason everything is fine is because names like this, which are explicitly permitted by the base standards, are forbidden and tools shouldn't allow creating these names, so it's a bug in the tools for permitting names permitted by the standard.
"[right-wing] extremists are now covering their tracks by using untraceable [...] VPN services that conceal their computer’s location – leaving the police unable to find them."
LOL, them untraceable VPNs, haha.
No wonder we can't have a rational debate around encryption.
So, now even the National Cyber Security Centre is attributing WannaCry to DPRK (Lazarus Group).
Just remember NCSC is basically a bunch of incompetent morons without any experience of APT operations.
(That doesn't mean their attribution is wrong, I haven't seen their data, just worth keeping in mind)
About the fidget spinner fad: "Something that was considered entirely pathological and in dire need of correction when done by disabled people is now perfectly acceptable because it is being done by non-disabled people" and "Because insisting that disabled people act more like non-disabled people is not about improving functionality, it's about who has the power to set social standards."
And finally, just how harmful it is that intelligence analysis is devalued nowadays, especially by policymakers. https://mastodon.social/media/KZUW7o75xb1X3wWSh_0
No common, cross agency intelligence analysis knowledge. In fact, every agency has its own analysis techniques. https://mastodon.social/media/Rlbw_m9SPkaHM6Waiwc
Also, apparently IBM designed a better crawler (for IC needs) than Google! Lol. https://mastodon.social/media/fE_Jj_l88OrnU5JIuE8
No common tooling, often analysis is designed around tools instead of tools being designed for analysis techniques. https://mastodon.social/media/oAnsT1zaka3425a_nms
Most analysts provide tactical support to US forces. Tactical/operational needs generated by ongoing wars put massive strain on IC. https://mastodon.social/media/3s65zbUsgKPQOeH2YXk
Problems with the US Intelligence Community: No long term, "deep understanding" analysis, focusing on current operational/tactical needs. https://mastodon.social/media/MSxws4Dxp-eLlPsgQD4
Excellent in-depth overview of the US Intelligence Community's analysis tradecraft.
Bit dated (2008) but still feels very relevant.
I mock the LessWrong crowd, but honestly they are not so bad and I consider myself an aspiring rationalist, I just don't like to use the term because I really don't want to be associated with Yudkowsky. (plus it sounds pretentious af)
It's quite jarring how Yudkowsky speaks out against cultishness and then just turns around and creates his own cult basically. *sigh*
Not to mention he is unjustifiably arrogant and can't handle any criticism.
Jaguar Goddess · Crypto Sorceress · Security Researcher by trade · Individualist, Extropianist · she/her