
OPCDE is now live. Thomas Rid, Maddie Stone, Ryan Naraine, Mohamad Mokbel coming up
youtube.com/watch?v=8_i4X9MMjb

Excellent article identifying Dmitry Sergeevich Badin, 29, the GRU unit 26165 (APT28) developer behind numerous high-profile intrusions. Keep reading until the end.
bellingcat.com/news/2020/05/05

Supreme Court oral arguments streaming live for the first time. I wonder how securely that's all been set up.
twitter.com/WSJ/status/1257309

Excellent talk running right now in the DerpCon Red track on exploiting insecure .NET deserialization by @noperator

More relevant, if that matches your behavior, you've made it clear that your moral outrage means nothing when it matters, is a show, and we should ignore any of your future posturing.

We had to wait near 2 decades to see how many decrying Bill's affairs would ignore the same behavior from Donald. We only had to wait months to see so many who decried Kavanaugh ignore Joe's more substantiated accusation. Admit it-you'd all vote for Jeff Dahmer if he was your guy

Notably, this seems to be the first successful randomized, controlled, double blind trial of its size for a COVID-19 treatment

Remdesivir shows effectiveness when given early to patients with severe cases of COVID-19 in clinical trial. 62% of patients treated early were discharged from the hospital, compared with 49% of patients who were treated late. The trial tested 397 patients
reuters.com/article/us-health-

1 click RCE on Keybase. Custom markup + cryptocurrency request + URL spoofing = arbitrary path execution
shielder.it/blog/1-click-rce-o
h/t @geeknik

Q: When can I find out which charity all DerpCon donations go to?
A: Right about now, the funk soul brother
Q: Will I be able to see the highly anticipated "Supply Chainsaw" talk by scriptjunkie?
A: Check it out now, the funk soul brother

Q: When can I sign up for DerpCon?
A: Right about now, the funk soul brother
Q: Did I see abstracts for the talks at derpcon.io/speakers.html ?
A: Check it out now, the funk soul brother

Q: When can I see the DerpCon schedule?
A: Right about now, the funk soul brother
Q: What should I do with the DerpCon schedule at derpcon.io/index.html#schedule ?
A: Check it out now, the funk soul brother

But let's not forget the old RoI of Doom chart. Big intel agencies have both means and incentive to plant people in your cloud providers or exploit CPU or virt bugs, and you're unlikely to know if they've spied on you for strategic intel. Also: twitter.com/DidymaWorks/status

Security Delusions A History of Cloud Compunction by @swagitda_ capsule8.com/blog/security-del recaps infosec arrogance and control freak cloud opposition. To be fair 10 years ago shared hosting providers were frequently mass-owned and Google lost trust in 2013 & killedbygoogle.com/

Don't forget, @MicrosoftTeams only supports IE6 for calls. Maybe by the year 2020 there will be widely supported cross browser web audio/video standards...
