_security_researcher
_founder_ @barghest

{ disrupting APT, authoritarian gov, surveillance, privacy violations & corporate injustice }

Website: https://0x0v1.com
BARGHEST: https://Barghest.asia
Reminder, VCs don't have the answers: https://www.0x0v1.com/proof-vcs-dont-have-the-answers/
"The Techno-Optimist Manifesto" is proof tech VCs don't have the answers

If you haven't read the “manifesto” by Marc Andreessen, founder of the Silicon Valley venture capital firm Andreessen Horowitz (a16z), and want to be utterly bemused by a sea of irony, you should do it. You might also be filled with fear of a dystopian future, like I was. You'll also end

[0x0v1]
Did he miss 4000 years of Hinduism, 2500 years of Buddhism, 2300 years of Stoicism...
Marc Andreessen, proving again that people with Zero Introspection, should have Zero Power.
X is just an ai echo chamber. if your infosec post doesn't contain anything about AI your reach immediately plummets

We found an exploit in #BitChat. A cache poisoning and replay attack that allowed a nearby or malicious mesh participant to DoS, disrupt and degrade mesh operation. The issues have since been patched.

Full write-up: https://barghest.asia/blog/bitchat-cache-poisoning/

BitChat cache poisoning and replay in Bluetooth mesh

BARGHEST found a cache poisoning attack in BitChat and replay flaw in BLE mesh synchronization that enabled durable network disruption before patching.
Interesting technique. Obfuscates its string decoder inside the Android namespace "com .google .android .material .timepicker". That helper XOR-decodes the strings, which are then concatenated into the C2: http://95.164.86[.]148/dash/index[.]php. #kimsuky
The Coruna loader performs environment validation including kernel build checks and CPU family gating using XNU CPUFAMILY constants (A15/A16 visible in snippet). So execution is restricted to specific Apple SoC generations. The sample I have appears to be a staged loader that validates the device environment before transferring control to a secondary payload. This architecture resembles Operation Triangulation (iVerify and Google referenced this already), though in OT the hardware exploitation logic resides in later stages rather than the initial loader...

we (and i mean mostly @dismantl) are refactoring our mobile forensics tool (https://github.com/BARGHEST-ngo/MESH) to be ephemeral by default (still allowing for prod setups too). this means you can get forensics and network monitoring/pcap off a device using only an analyst machine and a client node

it's pretty beautiful

GitHub - BARGHEST-ngo/MESH: MESH Forensics enables remote mobile forensics over an encrypted, censorship-resistant peer-to-peer mesh network.
the ai mental overload is becoming mentally overwhelming for me. tech is such an ai echo chamber right now. i'm having the most fun i've had in a long time just sitting in my terminal with nvim, no browsers or shit like that. i feel a certain amount of nostalgia coming back when actively trying to block it all out

Another $5.6 million from ICE to Palantir, in part for its continued work on ELITE (Enhanced Leads Identification & Targeting for Enforcement), which we revealed in January to be the Palantir tool ICE uses to find neighborhoods to raid

https://www.404media.co/elite-the-palantir-app-ice-uses-to-find-neighborhoods-to-raid/