None of this feels like the result of any technical limitations. I'm pretty sure they're just trying to maximize their engagement metrics at the expense of Mastodon. IMO Threads should be defederated until they "figure out" how to implement actual federation.
Notices by Marcus Hutchins :verified: (malwaretech@infosec.exchange)
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 18-Dec-2024 02:52:05 JST Marcus Hutchins :verified:
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Sunday, 15-Dec-2024 02:56:10 JST Marcus Hutchins :verified: @GossiTheDog Just back up a bit and you'll be back at LAX lol
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Saturday, 07-Dec-2024 21:20:22 JST Marcus Hutchins :verified: Someone has been flooding Bluesky with bots that use ChatGPT to respond to random posts, disagreeing with whatever the author says in a polite but annoying way. I have no idea what the goal is, but it kind of just makes it feel like Twitter before generative AI
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Saturday, 07-Dec-2024 10:36:17 JST Marcus Hutchins :verified: A hill I’ll die on every time: NAT is a security feature. It wasn’t intended as one, it shouldn’t be used as one, but it IS one. If I go into my router and disable the firewall, then do the same on every device I own, not a single extra device on my network becomes publicly exposed. That is security. It makes it hard for users with poor cybersecurity awareness to accidentally expose devices to the entire internet. If we disabled UPnP by default, we’d see a huge drop in automated exploitation.
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Tuesday, 03-Dec-2024 14:07:53 JST Marcus Hutchins :verified: This year I'll be featuring in TryHackMe's Advent Of Cyber!
Every day until Christmas they'll be releasing a cool new Cybersecurity challenge. It's free to join and there's over $100k in prizes to be won!
https://tryhackme.com/r/christmas
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 20-Nov-2024 07:38:05 JST Marcus Hutchins :verified: @GossiTheDog Paying $400 for a game is actually insane lol
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Friday, 15-Nov-2024 02:33:02 JST Marcus Hutchins :verified: FWIW, BlueSky is probably worth also maintaining a presence on. They went the decentralized route too, and it took a bit of time but the users finally managed to bully Jack into leaving the company and selling all of his ownership.
I'm mostly active here & on BlueSky.
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Monday, 30-Sep-2024 04:02:45 JST Marcus Hutchins :verified: Hello Sharks, I'm seeking $50bn for my business. My idea is that we build the same business that already exists, but instead of just paying a living wage, we spend 50x that amount trying to replace the employees with extremely expensive and unsustainable arrays of graphic cards that guess sentences
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Sunday, 29-Sep-2024 19:15:36 JST Marcus Hutchins :verified: Dang, I got put in LinkedIn jail over my choice of words for that dude. I won't say I didn't deserve it, but if anyone here works for LinkedIn and wants to get me released early for good behavior, I won't commit any more crimes I promise
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Friday, 27-Sep-2024 23:17:27 JST Marcus Hutchins :verified: 𝐂𝐔𝐏𝐒 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞 𝐃𝐚𝐭𝐚
Since there were some questions about the severity of the CUPS vulnerability due to it requiring the presence of the cups-browsed daemon and UDP port 631 being open to the internet, I performed a global scan to gather more data. Of the 61,763 systems I found which had CUPS exposed to the internet, 13,289 of them returned a valid response when probed on UDP port 631, indicating the port was reachable and cups-browsed daemon was running.
The top affected countries are as follows: US: 3381, DE: 2790, RU: 853, FR: 724, NL: 634, SG: 582, IN: 579, FI: 566, GB: 533, CA: 282, BR: 227, JP: 202, KR: 151, ID: 141, PL: 136, CN: 131, HK: 121
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Sunday, 22-Sep-2024 17:19:12 JST Marcus Hutchins :verified: My Google history from today legit makes me look like a straight up terrorist. There was speculation that the pager explosions were triggered by overheating the batteries (which is what led to the whole "it was malware" insane speculation).
It's pretty much widely accepted at this point that the pagers were intercepted and implanted with PETN, but that doesn't actually answer the question. PETN is a secondary explosive (i.e. it's fairly stable and highly resistant to detonation from force or ignition). So the (IMO) most interesting question, which is currently still unanswered, is how did they detonate the PETN, and how did they build a detonator that would not be discovered by inspection, explosive detectors, etc.
While malware is 100% out of the question, custom lithium batteries could be made with a mechanism designed to reliably cause thermal runaway via an internal short circuit. So, I was curious if theoretically you could use a maliciously modified LiPo battery as a detonator for PETN.
What I can gather from my research, is that PETN can't reliably be detonated by an open flame, and the heat produced by thermal runaway from a LiPo battery would be so hot that it would actually cause the PETN to undergo chemical decomposition and become inactive.
So, basically, the result of my entire Google history now looking like "hello, yes, CIA, I am doing a terrorism" is thermal runaway as a trigger is unlikely.
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Sunday, 22-Sep-2024 16:50:32 JST Marcus Hutchins :verified: @Suiseiseki Out of interest, how many invites to parties have you received in your lifetime?
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Sunday, 22-Sep-2024 00:19:11 JST Marcus Hutchins :verified: Can you imagine being an intelligent life form visiting earth and finding out that we've figured out how to harness nuclear fission as well as produce artificial fusion, but all we've done with it is make really big bombs and our current solution to climate change is to basically just put fucking solar panels and windmills on every surface
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Sunday, 22-Sep-2024 00:19:10 JST Marcus Hutchins :verified: "Hey, why don't you guys use nuclear power?"
"Some soviets were really stupid one time so we decided to just kill everyone's brain cells and make the planet uninhabitable by burning obscene amounts of dinosaur juice"
"Ok, makes sense"
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Saturday, 21-Sep-2024 17:30:22 JST Marcus Hutchins :verified:
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Saturday, 21-Sep-2024 17:01:29 JST Marcus Hutchins :verified: @GossiTheDog It was so weird to see media outlets interviewing cybersecurity professionals about bombs. Even agreeing to those kinds of interviews seems like malpractice
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Saturday, 21-Sep-2024 09:23:50 JST Marcus Hutchins :verified: Living in the US feels like being on a prank show where you know it’s a prank show and you’re just patiently waiting for the presenters to make the big reveal so you can go on with your day
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Friday, 20-Sep-2024 07:12:08 JST Marcus Hutchins :verified: @GossiTheDog Have you or anyone looked at the data yet? I'm interested to hear more
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 18-Sep-2024 04:21:15 JST Marcus Hutchins :verified: I can't believe people are actually going with the cybersecurity angle here. Sure, in some super rare edge cases, there are probably circuits that could be hacked and overloaded to cause the Lithium-Ion battery powering it to combust. But Lithium-Ion batteries don't explode. They combust over the course of a couple of seconds to minutes. Not to mention, even if batteries did explode, which they don't, we're talking a single triple A battery not an EV cell.
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Tuesday, 17-Sep-2024 04:47:43 JST Marcus Hutchins :verified: We've all been so busy worrying about what if AI becomes self-aware, we forgot to consider what if Elon Musk becomes self aware? Right now he's dangerously close to realizing that he actually isn't at all funny and that people only laugh at his jokes because they need his money.