BC GOOGLE

Saved by @SteveeRogerr

Lesley Carhart
@hacks4pancakes 4 years, 5 months ago 888 views

Save to PDF Share See On Twitter

Good morning to all of you well rested infosec folks who are just now waking up to this newest catastrophe :)

Fine, fine, I’ll be nice. While you were sleeping, Google security notified of a long term (allegedly DPRK) SE campaign targeting infosec researchers on Twitter, ingratiating themselves into the community with minor research and blogs, then sending them malicious links and code.

The list of accounts is in the blog and 3 or 4 accounts were very active, messaged and drew in a ton of researchers, and successfully got some to execute malicious code in the name of exploit research. My thread is full of stories and screenshots. They hit a ton of people.

Here is the blog. https://t.co/T3No8Hj7xy

There are still a lot of unsubstantiated rumors and humble brags floating around about what else they did, so I would stick to the blog for now.

You need to check if you (or your team on work machines) interacted with any of these people, potentially followed malicious links, or amplified their social media posts.

@LawrenceAbrams also did not sleep: https://t.co/98UGrOk9fL

North Korean hackers are targeting security researchers with malware, 0-days - @LawrenceAbrams https://t.co/CkyMl6daoQ
— BleepingComputer (@BleepinComputer) January 26, 2021

Anyway https://t.co/FNL9H3uZDh

Am I doing this right? pic.twitter.com/MmxvYF6cJJ
— fraggLe! (@fwaggle) January 26, 2021

Here is a particularly poignant and well documented one, as he discovers in real time what happened... https://t.co/uibzAnNNUn

Hey folks, story time. A guy going by the name James Willy approached me about help with a 0-day. After providing a writeup on root cause analysis I realized the visual studio project he gave me was backdoored.
— Alejandro Caceres (@_hyp3ri0n) January 26, 2021

Anyway this is all novel not so much for the established sock accounts and Twitter SE (which *ahem* some researchers have been dealing with for ages 🤷🏻‍♀️🍸) but more because of the tactics of tricking exploit researchers into running malicious code, and burning a Chome 0day.

Good luck, all. VM all the things, and assume every inbound DM is gonna be a dickpic!

(This is also a very funny 5am joke because one of the fake people they used was named James Willy. Thank you, I have been here all night.)

You May Also Like

Trader knight
@Traderknight007

Pyramiding 2.0

A thread-

What is pyramiding?

It is simply adding to your winners.

Why use pyramiding?

1. It makes your winners bigger than your losers.

• Because you are adding positions when your trades are going your way, you are increasing your gains but your losers will be small comparatively.

2. You lose less during Draw-down time ( it saves you from losing big during whipsaws )

• Many times when the market is in sideways mode, Entering a trade with full risk might not be the best idea.

• So, you test the waters with a small position first, it could be ⅓ or ¼ of your total risk.

• So if the Breakout fails or whipsaws come, then you will only lose a small part of your overall risk.

• Then when position starts to go in your favor you can add to it.

3. It helps you to concentrate on a few trades,

They say that don’t put all your eggs in one basket, but don’t put them in too many either.

• See, Everyone can see charts and find breakouts, pullbacks etc.

$Ferruccio Balestreri \U0001f308$

Ferruccio Balestreri 🌈...
@0xferruccio

🕵️‍♂️ How Google's PageRank algorithm works

The PageRank algorithm gives each page a rating of its
importance, which is a recursively defined measure of importance, based on if important pages link to it.
It's recursive because the importance of a page refers back to the importance of other pages that link to it

Here's how it works in practice:
1⃣ We start with some pages and crawl them for links

2⃣ Each page has 1/N points (where N as the total number of pages)

3⃣ Add points to each page for the amount of links to it, divided by the number
of links emanating from the sources of these links

Advertisement

$Anu Satheesh \U0001f1ee\U0001f1f3$

Anu Satheesh 🇮🇳...
@AnuSatheesh5

Thiruvizha Mahadeva Kshetram
#Alappuzha
#Keralatemples 🚩

Thiruvizha Mahadeva Kshetram is located in Cherthala and it is believed that Prathishta of temple was done by Vilwamangalam Swamy. Paramashiva is Swayambhu here and is worshipped as Kalakandha which means who swallowed

Halahala visham to save the world during Samudra mathanam.

It is a famous temple where people seek the blessings, for curing the Kaivisham. The poison given by someone to destroy a person is made to vomit here. This is removed by making them vomit the poison by a special

medicine.
The medicine for vomiting is made from a plant near temple by Palodathu family. The milk offered to Bhagwan is mixed with the extracts of the plant.

Story says that once this place was a dense forest, and a woman was looking for the presence of a tortoise in the pond

and the tip of her stick hit the bottom and it started bleeding in the pond.
Frightened, the lady informed every one and after searching in pond people found Swayambhu Lingam inside the pond. Thus Prathishta was done here.

Om Namah Shivaye
Shambo Mahadeva
🙏🕉🙏

Zena Hitz
@zenahitz

I just finished Eric Adler's The Battle of the Classics, and wanted to say something about Joel Christiansen's review linked below. I am not sure what motivates the review (I speculate a bit below), but it gives a very misleading impression of the book. 1/x

As someone\u2019s who\u2019s read the book, this review strikes me as tremendously unfair. It mostly faults Adler for not writing the book the reviewer wishes he had! https://t.co/pqpt5Ziivj
— Teresa M. Bejan (@tmbejan) January 12, 2021

The meat of the criticism is that the history Adler gives is insufficiently critical. Adler describes a few figures who had a great influence on how the modern US university was formed. It's certainly critical: it focuses on the social Darwinism of these figures. 2/x

Other insinuations and suggestions in the review seem wildly off the mark, distorted, or inappropriate-- for example, that the book is clickbaity (it is scholarly) or conservative (hardly) or connected to the events at the Capitol (give me a break). 3/x

The core question: in what sense is classics inherently racist? Classics is old. On Adler's account, it begins in ancient Rome and is revived in the Renaissance. Slavery (Christiansen's primary concern) is also very old. Let's say classics is an education for slaveowners. 4/x

It's worth remembering that literacy itself is elite throughout most of this history. Literacy is, then, also the education of slaveowners. We can honor oral and musical traditions without denying that literacy is, generally, good. 5/x

$Sam Dylan Finch \U0001f937\U0001f3fb\u200d\u2642\ufe0f$

Sam Dylan Finch 🤷🏻‍♂️...
@samdylanfinch

I had the most bizarre experience outside of a bar yesterday, which my partner very aptly described as "toxic mask-unlinity." (A Thread.)

I was standing outside, waiting for a lyft to get home, when two cis men came out of the bar to smoke cigarettes. They're discussing the masks that folks are wearing in California at the moment because of the very dangerous air pollution from the fires happening.

I happen to be wearing one of those masks, because I think lungs are important and I like breathing. I dunno. One of the men notices me standing there, and says, "Like this f*cker right here. What is this shit?"

He goes on a homophobic rant about me, the pansy with a mask, and what a Very Manly Man he is because he's not afraid to smoke a pack of cigarettes while California is on fire. He doesn't need a mask, because something-something-heterosexual-something.

And part of me is just... impressed by the fact that this dude thinks he's Owning The Gay Libs by not wearing a mask to protect his lungs from smoke and particles in the air that are literally DANGEROUS... while chain-smoking. Outside of a bar.