scriptjunkie @sj@social.scriptjunkie.us

This is a terrifying false positive for Windows Defender
https://twitter.com/frontier_anon/status/1293984440452935686

They don't call it Epic for nothing. Good luck guys!

NSA would like to inform GRU "we're in all your operations so deeply we're publicly taunting you about your internal jargon."

"Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware" "Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool..." Exceptionally detailed info for a public USG report!
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

Wait, so Kaspersky and/or Microsoft deliberately posted untrue information in their vulnerability report? That seems more significant than even the 0day chain.
https://twitter.com/oct0xor/status/1293564168591876098

Does this mean https://send.firefox.com/ isn't coming back? Because that was the greatest. :-(

"full chain targeted the latest builds of Windows 10, and our tests demonstrated reliable exploitation of Internet Explorer 11" "before our discovery, the exploitability of this vulnerability was considered less likely"
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/

PHP is #1! Go PHP!
https://i.blackhat.com/USA-20/Wednesday/us-20-Edwards-The-Devils-In-The-Dependency-Data-Driven-Software-Composition-Analysis.pdf

Looks like I broke my Raspberry Pi Zero W within about 5 minutes of connecting any cables.

AMA

I don't want to brag *too much* about my dad powers, but the lawnmower did start today on the first pull of the starter rope, so, uh, *adjusts cargo shorts* take from that what you will.

Snapdragon chip flaws put >1 billion Android phones at risk of data theft https://arstechnica.com/information-technology/2020/08/snapdragon-chip-flaws-put-1-billion-android-phones-at-risk-of-data-theft/

Literally conducting genocide. And the WaPo Beijing bureau chief doesn't think that even merits a mention.
https://twitter.com/washingtonpost/status/1290636616080470016

I completely agree and would love to see this for all development. Now if we'd only apply it to cryptography too.
https://twitter.com/apenwarr/status/1291209509940203524

If you block MS tracking in hosts, Defender will now specifically identify that as malicious, and re-enable the spying. Yes, the product once called "Microsoft AntiSpyware" is now pro-spyware. Do the MS engineers here ever take a hard look in the mirror?
https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/

How Apple uses anti-competitive practices to extort developers and support authoritarian regimes. Kudos to proton mail for speaking up https://protonmail.com/blog/blog/apple-app-store-antitrust/

IPv4, IPv6, and a sudden change in attitude | APNIC Blog https://blog.apnic.net/2020/08/03/ipv4-ipv6-and-a-sudden-change-in-attitude/