#RightToRepair has no cannier, more dedicated adversary than #apple whose most innovative work is dreaming up new ways to sneakily sabotage repair while claiming to be a caring environmental steward, a lie that covers up the mountains of #ewaste that Apple dooms our descendants to wade through.

--

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/09/22/vin-locking/#thought-differently

1/

US State Department have gone on the record about how they found the Microsoft 365 data breach.

They set up a detection rule called Big Yellow Taxi two years ago to look for unknown AppIDs in OfficeActivity, which ultimately saved Microsoft’s ass.

https://www.politico.com/news/2023/09/15/digital-tripwire-helped-state-uncover-chinese-hack-00115973

Can we just not process weird file formats people receive by iMessage/text?

I created a game where you are a computer's operating system and you have to manage processes, memory and I/O events. The goal is to survive as long as possible without the user rebooting you because your processes are idling for too long. Probably the nerdiest thing I've ever done!

Anyway, you can play the game here: https://plbrault.itch.io/youre-the-os/

Ever heard of Kati Kariko?

https://www.nytimes.com/2021/04/08/health/coronavirus-mrna-kariko.html

EXCUSE ME?!

Using a key re one Microsoft service to auth to another is core to how Storm-0558 succeeded, dammit.

The Black Hat talk: https://youtu.be/KN6e1mqcB9s?si=asxpm-pzlA6LJMim

Time for an Arm-twist! CVE-2023-4039

Tom Hebb (Meta red team) and I discovered an 0day in GCC (for AArch64 targets) during my Arm exploitation training.

It renders stack canaries against overflows of dynamically-sized variables useless.

https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64

🤣

Funny-not-funny that the author of Musk's hagiography issues a correction (on the deadbird site, of course) for what Musk told him during the reporting for the book.

Also a reminder that the author withheld a huge story from the public for more than a year in order to have a scoop in his book.

Remembering Dennis Ritchie, born this day 1941. I had the great privilege of working with Dennis during my summer at Bell Labs. This is his "What am I doing in a suit?" photo. #UNIX #BellLabs

We need an EU regulation to mandate that all internet-connected devices must have a mechanism to disable internet access entirely and remain functional indefinitely, at whatever capacity is technically possible.

Want to have an app to control your dumb gadget? That fucker can use bluetooth, there is no legitimate reason to require an account on the vendor's website, which they can block at any time, harvest data from at any time, get hacked, and also make your lightbulbs unable to turn off if us-east-1 is down.

I want an apology from all the mansplainers that mocked my belief that privatizing NASA and relying this heavily on SpaceX would undermine the national security policy of the United States.

https://t.co/WoMI4XEPhE

did you know that 100 years ago there were *electromechanical* radio transmitters?

these things are so crazy, you just have to read this

(photo from https://en.wikipedia.org/wiki/Grimeton_Radio_Station#/media/File:Alexanderson_Alternator.jpg)

Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft

These are the first 6 companies designated as ‘gatekeepers' under the Digital Markets Act.

They have 6 months to ensure their core platform services comply with our rules, including:

✔ Allowing users to unsubscribe and remove pre-installed services
✔ Allowing the download of alternative app stores

❌ Banning tracking outside of their services without consent
❌ Stopping ranking their products more favourably

➡ https://europa.eu/!NbfBbn

#DMA

Techbros: self driving cars are inevitable!

Also techbros: prove you are human by performing a task that computers can’t do, like identifying traffic lights.

#software #unexplained

I hope everyone is having a great weekend!

This is my periodic reminder to support your instance - nearly all instances are free and rely on donations to pay the bills. I very much appreciate donations to Infosec.exchange, and I know that some other instances may be struggling financially. If you are in a position to donate to your instance, especially for those people on other instances, please consider donating. You can usually find the link to donate to your instance on the instance’s about page (such as Infosec.exchange/about).

My thanks to everyone who does support their instance. And there is zero problems (for me at least) with those that can’t afford it. These are tough times for many, and I think it’s vitally important to provide a reliable and useful social network outlet that is available to everyone.

Thank you!

Exactly 20 years and 20 minutes ago, this happened.