Orwell Comes Knocking

As America continues its free-wheeling descent into the hell that is a Police state, efforts ramp up to protect the common man.

Reading from what sounds like an Orwellian nightmare, the Department of Homeland security has decided that frequent human rights violations, mass surveillance, mass incarceration, and ever increasing militarized police force, and more recently, detention based on sentiment (see the Balogun case) isn’t quite enough. So they’re adding the mass categorization of what’s allowable thought and sentiment in the US, to borrow some newspeak, the Thought Police are going to categorize you based on goodthink or crimethink.

Our friends over at Tutanota wrote up a great article on the proposed database but seem to think this is the work of Mean Old Mr. Trump, ignoring that this is a McCarthy era wet dream for the intelligence community and is in-line with the behavior and aspirations of Trump, Bush, Obama, Clinton, Bush Sr., et al…

Regardless, as the police state progresses, so do the uses for technologies like TOR, PiVPN, OpenDNS and the others. And this further solidifies the idea that the work we’re doing is not only of great importance but is greatly needed.

Check out our Projects page for more info about the work we do make online privacy as easey as possible.

LibWebP (CVE-2023-4863)

Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE 2023-4863 in the LibWebP library. This library has a heap buffer overflow available across all operating systems, most browsers, an exceptional number of Electron framework applications. This CVE is rated a 10 after previously being rated 8.8. This was due to an original disclosure from Google stating that Chrome was the only effected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms. A similar CVE ( 2023-5217 ) is pending analysis for the VP8 webstream video format (a sister library to libwep.) As working proof-of-concepts are generally available to the public and Google and Apple both acknowledge threat actors and spyware vendors making use of the vulnerability, it is essential that you begin reviewing and patching all business critical applications. Patch Browsers, All of them All major and minor browsers acr

Show And Tell

Once a week, our security team gathers everyone into a meeting and shares the last week’s worth of security related news and any new security initiatives. This one hour may be the most valuable meeting we attend and has the greatest impact on successful security outcomes. What is it? We call ours a Security Show & Tell. (You can call it whatever fun and exciting name fits your corporate culture.) Regardless of the name, the goal is to set aside an hour each week to share three kinds of security stories and our response to them. Stories that are in the news. Stories that impact our work. Stories that impact our lives. Author’s Note: There’s some helpful tips below on how to gather these stories. Why you should do it There’s a lot of great reasons to do this, but I want to drive home a few really important ones. How many times has this happened to you? You wake up, open infosec.exchange , and begin scrolling only to find out that $Vendor has a nasty zero-day and organiza

Savory Dutch Babies

Ingredients: 1/4 Stick butter 1/2C AP flour 3/4C room temp milk 3 room temp eggs Salt pepper mace nutmeg allspice etc if you want it Blend it or whisk it until homogeneous Put a castiron in a cold oven at 425°. Remove when preheat finishes and melt in a 1\4 stick of butter. Pour in batter. Top with parm and fresh herbs. Cook 15m.

All Good Men

Search This Blog