"I'm interested in all kinds of astronomy."
Two relatives of mine got scammed/phished recently. Nothing serious happened fortunately. Some interesting observations:

- People see URLs as opaque blocks. They have 0 clue where they point to since they have 0 clue about how to read them.
- "Check the domain" doesn't help (even assuming the knowledge of what part of a URL string is a domain) if you have no information about what domains are "normal" (whatever that means).
- Regular people don't see giving out CCs or other sensitive information as a critical task. One of the victims told me they gave out their CC while doing two other things - I'd drop everything to focus on such a task, while for them it's just another boring physical copy-paste.

Based on this most of our awareness advice is shit.

#phishing #scam
@SteveSyfuhs
"Admins can check the events in the Microsoft Defender XDR"
"Microsoft Defender XDR will raise an alert"

What if I'm not willing to pay a company to detect the exploitation of a protocol that was shipped to me by the very same company? Are there some event IDs, correlations one can implement (using FOSS tools maybe), independently from the Mothership?
@tmr232 Same with the docs: sometimes it's like finding a forgotten library room behind a brick wall. Actually fascinating!

@jwz faster than my mobile data connection

@tmr232 I'm in that rabbit hole now, but it seems surprisingly hard to get the optimal combination of versions for each tool: I already worked around a bug in buildGhidraJar, downgraded Gradle, and now trying to make intellij-ghidra work with the latest IDEA, but I feel that now it's time to read a book...

Generally, it seems that unofficial tooling just can't go in lockstep with Ghidra releases while I try to be on bleeding edge.

But I agree with you that IDEA will be the way forward, I probably just have to wait and/or debug a bit until the stir caused by 11.2 settles.
We can't stop here...this is Dependency Hell!

#ghidra #java

Latest update on the DDOS attack from @brewsterkahle (Oct 11 @ 10:22am PT):

"The data is safe.

Services are offline as we examine and strengthen them. Sorry, but needed. @internetarchive staff is working hard.

Estimated Timeline: days, not weeks.

Thank you for the offers of pizza (we are set)."

@lcamtuf There are probably creative ways to decorate the ballot either to deliberately invalidate it or to make it remain just valid enough
Another Ghidra build script bug yaay...
@tmr232 Yeah I get the latter reasons, but I just updated Eclipse (because I had to upgrade GhidraDev because it somehow couldn't be upgraded in the earlier version...) and having seen things like VSCode or IDEA I feel like walking into a torture chamber. And I practically grew up with Eclipse!

Edit: also important to note that I mostly think of e.g. Swing as an early attempt that didn't end up that good, while I think the IDE could you know, make some sense?
I wonder how much Eclipse contributed to the bad reputation of Java...

Very kind for 0-day to hit right at the start of a workday TBH
https://blog.mozilla.org/security/2024/10/11/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit/
Light on details, but there's some.

[RSS] Aw, Sugar. Critical Vulnerabilities in SugarWOD

https://www.n00py.io/2024/10/critical-vulnerabilities-in-sugarwod/
[RSS] Marriott agrees to pay $52 million settlement, improve data security practices

https://cyberscoop.com/marriott-starwood-breach-ftc-settlement-data-security/

Here's a story about a Hungarian guy who hacked Marriott ~15 years ago: https://www.securityweek.com/hungarian-man-pleads-guilty-hacking-marriott-systems-demanding-job-it-dept/ I know this guy learned some hard lessons, Marriott apparently didn't...
[RSS] Russian cyber firm Dr.Web denies data leak by pro-Ukraine hackers

https://therecord.media/russian-antivirus-company-drweb-denies-data-leak

HyperDbg v0.10.2 is released!

This release comes with lots of bugfixes and improved stability, check it out here:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.10.2


@futurebird if you want to read Vinge's "A Fire Upon The Deep" along with the author's notes, I've converted the 1993 Hugo and Nebula anthology CD-ROM into a website: https://deepness.trmm.net/

(not "A Deepness in the Sky" as I originally wrote. those responsible have been sacked, etc)
