NEWS 🚨: Mysterious cube-shaped anomaly discovered on the moon's far side by Chinese rover The rover will spend the next 2-3 months verifying it

I just wrote 1,000 words on my idea of how we can get the role of Open Source maintainer to graduate to a real, properly paid profession. I feel like I need 10,000 more to hit all the nuances but I also know I will never hit publish if I try. ughhhhhhhhhhh

That Russian IP, 45.155.205.233, is continuing its game-upping with the Log4j exploitation. The base64-encoded payload is still the same but now the exploit is in all of those: - the GET request - the Referer - the User-Agent

I've prepared a TryHackMe room to demonstrate #log4j #log4shell CVE-2021-44228, explaining the vulnerability, attack vector, and more importantly, detection, mitigations and patching. Working with THM staff to get this in your hands -- it should be available soon.

Just felt like re-sharing one of the best emergency phones I’ve ever come across

In light of the crisis in Ukraine, we are making this guide on hardening against destructive attacks available to everyone. Please take a look. This is over 40 pages of concrete steps you can step to protect your org. No marketing filler. mandiant.com/resources/prot…

The pilot of a Cessna 150 left this message to Ryan 🤔 fr24.com/data/aircraft/…

Planetary-scale engineering schemes designed to cool Earth's surface and lessen the impact of global heating are potentially dangerous and should be blocked by governments, more than 60 policy experts and scientists said u.afp.com/wGh8

New: this NFT will steal your IP address. Viewing this and some other NFTs on marketplace OpenSea will send your IP to the NFT creator, because OpenSea lets people load custom code, including HTML. NFTs can gather data on viewers. Confirmed with my own IP vice.com/en/article/xgd…

I've had 3 calls so far today (it's not even 10) about defending against Russian cyber ops I'm tired of having the same call... so... here's what I've told everyone. This is the playbook you need... but it's not going to be what you think it will be. Ready? Lets go! 1

Épisode 0x198 - Ukraine, cyberguerre et censure securite.fm/hebdo/2022/02/… -Conti leaked - United Nations traité infosec - NVIDIA leak - Toyota USA et Bridgestone leak -Segment Cloud! Avec Jacques Sauve @JoniVerreault Vanessa haken29a @[email protected] Guillaume L-M et Franck #podcast #infosec

Dear infosec: Sorry to barge in on your Memorial Day weekend, but if you're not following the msdt 0-day in MS Office you probably should be. I've validated it's working on my test systems and is trivial to exploit. First report here: x.com/nao_sec/status…

On Saturday, I sat in a crowded ballroom at Caesar's Forum in Vegas and watched Sick.Codes jailbreak a John Deere tractor's control unit live, before an audience of cheering @Defcon 30 attendees (and, possibly, a few undercover Deere execs, who often attend Sickcodes's talks). 1/

“It’s a Wi-Fi hotspot.”

Want to learn Rust? I'm doing a free back-to-school giveaway of my #rustlang Udemy courses! Please share especially with students. reddit.com/r/rust/comment… I'm making games using Rust Language and #BevyEngine. What will you do with Rust?

Dear Diane Lebouthillier & Canada Revenue Agency, I was asked to accept terms & conditions when I logged into your site. It says if there's a cyber attack and my TAX DATA is stolen, it's not your fault and I MUST accept this risk, (see next tweet)

Folks in Canada, this is happening to YOU. Call your member of parliament. Retweet this. Tell your friends. Tell CRA that this is NOT OKAY. If there are enough voices, they will change the policy. They are accountable to us, the public. Tell them how you feel (politely, please)

Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to David Buchanan does not tweet anymore for his help throughout!

Time has come: cfp.hackfest.ca/hf2023/cfp