Pretty excited for this talk by @patch1t about a one-click macOS takeover, starting out mentioning P0’s iMessage exploit and NSO’s Pegasus spyware. #HITB2022SIN
The story of CVE-2021-30657 was one of my favorite talks at #OBTS last year, esp. the way @cedowens, @jbradley89 and @patrickwardle talked through the steps to finding the initial flaw.
Was digging through court records related to Vault 7 and found this tidbit. The FBI used the wifi at Starbucks to download the leak. #OBTS
If you want to better understand how government agencies, such as the CIA, create and use cyber tools, there are some helpful bits in the #Vault7 court records. Here's one example. #OBTS
Makes sense for the CIA (and others, really) to have a code library of basic components in a state that can be readily used. #Vault7#OBTS
When I worked at the @nytimes, I had a manager who for two years told me that I’m difficult, nasty, fragile, territorial, controlling. He always told me this in person, in private. (thread)
He told me that I don’t care about other people. That no one wanted to work with me. That people were "more relaxed" when I was away. I respected him. Believed every word he said, every time. I even internalized it, tried to fix it. It was a full year before I told HR.
I simply thought that if I changed, he'd stop. If I did everything right, he'd approve. If I fit in, everything would be OK. That if I used the right words, at the right time, in the right way, he would not lash out.
Former intel analyst charged with disclosing classified information to a reporter, the indictment illustrates challenges/risks with journalist/source comms. justice.gov/usao-edva/pres…
P5 outlines comms: analyst researched reporter, attended reporter's book event, searched for classified info re: reporter's beat, texted friends about the event + meeting reporter, reporter emailed analyst article about Snowden, analyst and reporter exchanged texts, emails, etc.
Indictment suggests the analyst and the reporter communicated via emails, texts and in-person meetings prior to using encrypted comms. Book event in April 2013, reporter suggested Jabber in September. Could be they used encrypted comms sooner without this being highlighted here.
An FBI agent has been charged with leaking information to @theintercept. This article by @mukhtaryare does a good job illustrating how the agency runs leak investigations. A short thread. (1/6) mprnews.org/story/2018/03/…
The search warrant filed in Minneapolis federal court against Albury did not identify The Intercept, but the documents described in the warrant match the documents posted by The Intercept in January 2017. (2/6) theintercept.com/series/the-fbi…
The Intercept filed two FOIAs with the agency in late March 2016. The requests contained specific information about the documents that were not available to the public. The FBI determined that The Intercept "obtained these documents from someone with direct access to them." (3/6)