Hi there, time for a new newsletter, and this time I want to briefly talk about a topic related to skills and interests. I may write further about it at some point, but basically what I want to talk about is how interests/focus != skills.
“Of course that’s obvious!” I feel I can hear some of you thinking, and indeed, it does sound obvious. But here is the thing: perception and facts are two different matters.
If I, for instance, said “I have a great interest in maths”, then most people would expect me to have mastered maths to a decent level. Or if I said “I have a great interest in Electrical Engineering”, then people would expect me to have a decent grasp of EE-related topics and likely some hardware-related projects.
And while that may indeed sometimes be true, it is not always the case, for a variety of reasons, such as the person just starting out or not having been able to focus on their interests as much as they wanted.
But expectations are hard things to overcome, even for people who are well aware of this. So when someone reads that a person has interests or focus within a given subject, they often instinctively attribute to that person a certain level of skill unless otherwise stated.
When the person does not live up to that expectation, they get disappointed and in some cases may even blame the person for not knowing X or Y, attributing the lack of knowledge to not being serious enough, etc., when it may simply be that they have not yet been able to get that far in their studies, accidentally missed learning that part, or it has simply been so long since they had to think about it that they forgot some of it.
This is why it’s important to check your expectations and wait until you have been able to discuss it with the person in question, or read an expanded explanation, before settling on what someone can or can’t do.
Anyhow, better cut it there before all this gets too long. This issue has Linus switching C for Rust in Linux, some interesting communications disclosed in the Twitter vs. Elon trial, Google finally killing Stadia, a WAF with built-in YARA, and @GossiTheDog live-tweeting his attempt to patch an Exchange server.
~kazu
News of Interest:
Linus Torvalds: Rust will go into Linux 6.1
https://www.zdnet.com/article/linus-torvalds-rust-will-go-into-linux-6-1/
Kazu: Linus Torvalds has been pushing hard for replacing code in Linux with Rust due to its compatibility with C combined with fewer bugs and better security protections, which should make systems using it a lot more secure and less buggy.
Linus has now confirmed that unless something weird happens, Rust will be used in Linux from version 6.1, and the discussion is now more about how to adapt everything around it rather than whether it will be used or not. Whether this is a good thing or not, only time will tell.
Tags: Linux, News, Rust, OS, Technology
Elon Musk’s Texts Shatter the Myth of the Tech Genius
Kazu: As part of the discovery process in the current litigation between Twitter and Elon Musk, the court has made public Musk's communications related to anything to do with Twitter, which, to put it mildly, is quite something and highlights how little thought and planning really goes into everything and how much it's really just "rich boys throwing out stuff to see what sticks and winging it".
Tags: Twitter, Elon Musk, litigation, trials, disclosure, communications, law, news
Microsoft warns of North Korean crew posing as LinkedIn recruiters
https://www.theregister.com/2022/09/30/microsoft_north_korea_zinc_threat/
Kazu: Apparently North Korea is at it again, trying to pose as LinkedIn recruiters to build trust and then getting people to open malicious files. So remember to be careful about people who contact you, especially if they want to send you files or switch to an alternative communication method.
Tags: InfoSec, News, Security, North Korea, LinkedIn, APT, ZINC
Never-before-seen malware has infected hundreds of Linux and Windows devices
Kazu: There's a new botnet malware out there which targets both Linux- and Windows-based systems. It seems to be a fork of the Kaiji botnet malware, but has been modified to work on Windows systems as well, with a slew of other new functions.
Tags: InfoSec, Malware, Chaos, Kaiji, Windows, Linux, botnet, news
NSA Employee Leaked Classified Cyber Intel, Charged with Espionage
Kazu: Don't do espionage, kids; it will never lead to anything positive and only starts a countdown to having a bad time!
Tags: NSA, Espionage, Security, arrests, News
Google kills Stadia, will refund game purchases
Kazu: I must admit, I was initially somewhat confused about this news, as I went 'What? It was still around? I am sure I heard Google say they were killing Stadia more than a year ago'.
Also, tbh, while I could write an essay on all the problems with Stadia and other similar services, Google made their bed and has to lie in it due to their murderhobo habit, which causes no-one to want to invest in something which is 99% certain to be killed off in a year or two, and that will be true regardless of what they do in the future.
Tags: Technology, Google, Stadia, shutdown, News
Other Interesting Things
WAFARAY: WAF with YARA
https://github.com/alt3kx/wafaray
Kazu: Generally, when malicious actors try to upload malicious files onto sites that allow uploads, the file is sent to the back-end before it gets analysed. Many times this works fine, but it also allows the file to hit the back-end server, which is not good. So what if you could check a file that is being uploaded before it hits the back-end?
This is where WAFARAY comes in. It is a combination of a WAF and YARA, and what it essentially does is run YARA rules in the WAF to detect malicious files after they have been uploaded but before they hit the back-end server, and thus it should be able to detect and block them before they have a chance to do anything bad.
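To make the "scan before the back-end sees it" idea concrete, here is an added example (my own, not code from the wafaray project). It assumes the gate is a WSGI middleware sitting in front of the application, that rules are a constructed set of byte strings combined with an "all of them" condition, and that yara-python is used when it can be imported; when it is not installed, a small stand-in matcher with the same semantics is used so the example runs offline. The rule names, the back-end app and the request bodies are all constructed for the demonstration.

```python
"""Gate file uploads at the WAF layer with YARA-style rules before they reach the back-end.

Added example, not wafaray's code. Assumptions: WSGI middleware in front of
the app; constructed rules (name -> byte strings, condition 'all of them');
yara-python when importable, otherwise a stand-in matcher so this runs offline.
"""
import io

# Constructed demo rules: every listed byte string must be present to match.
RULES = {
    "demo_php_eval_webshell": [b"<?php", b"eval("],
    "demo_pe_header": [b"MZ", b"This program cannot be run in DOS mode"],
}


def _yara_source(rules):
    """Render RULES as YARA source text (only used when yara-python is present)."""
    blocks = []
    for name, needles in rules.items():
        strs = "\n".join('        $s%d = "%s"' % (i, n.decode()) for i, n in enumerate(needles))
        blocks.append("rule %s\n{\n    strings:\n%s\n    condition:\n        all of them\n}" % (name, strs))
    return "\n".join(blocks)


try:
    import yara  # real engine: compile once, match on the raw upload bytes
    _COMPILED = yara.compile(source=_yara_source(RULES))

    def scan(data: bytes) -> list:
        """Return the names of the rules that match the blob."""
        return sorted(m.rule for m in _COMPILED.match(data=data))
except ImportError:
    def scan(data: bytes) -> list:
        """Stand-in for yara: 'all of them' over plain byte strings."""
        return sorted(name for name, needles in RULES.items()
                      if all(n in data for n in needles))


RECEIVED = []  # everything that actually reached the back-end (for the demo)


def backend_app(environ, start_response):
    """The protected application: stores whatever body reaches it."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    RECEIVED.append(environ["wsgi.input"].read(length))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"stored"]


def yara_gate(app):
    """WSGI middleware: scan POST bodies and block matches before the app sees them."""
    def gated(environ, start_response):
        if environ.get("REQUEST_METHOD") == "POST":
            length = int(environ.get("CONTENT_LENGTH") or 0)
            body = environ["wsgi.input"].read(length)
            hits = scan(body)
            if hits:
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"upload blocked by rule(s): " + ", ".join(hits).encode()]
            environ["wsgi.input"] = io.BytesIO(body)  # hand the body on untouched
        return app(environ, start_response)
    return gated


def post_upload(app, body: bytes):
    """Drive a WSGI app with a constructed POST; return (status line, response bytes)."""
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    captured = []

    def start_response(status, headers, exc_info=None):
        captured.append(status)

    chunks = app(environ, start_response)
    return captured[0], b"".join(chunks)


PROTECTED = yara_gate(backend_app)

if __name__ == "__main__":
    print(post_upload(PROTECTED, b"<?php eval($_POST['x']); ?>"))  # blocked, back-end never sees it
    print(post_upload(PROTECTED, b"%PDF-1.4 harmless report"))        # passed through and stored
```

The important detail is the replay of the body via `io.BytesIO` after a clean scan: the gate has consumed the request stream, so a benign upload must be handed on intact, while a hit is answered at the gate and `RECEIVED` stays empty. A real WAF scans the raw (often multipart) body the same way; the rules here are deliberately trivial and stand in for a proper rule set.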
Tags: YARA, CTI, InfoSec, WAF, Malware, GitHub
YARI: An interactive debugger for the YARA language.
Kazu: YARA rules are a great and easy way to detect malware and so forth, but how do you know if the rule you made actually works without a real sample to test it against? Maybe you made a typo or missed something which caused it to not work properly. Sure would be nice if there was a way to easily debug YARA rules. Well, do not worry, Avast comes to the rescue with their now open-source debugger ‘YARI’, which promises to do just that!
Tags: CTI, DFIR, InfoSec, YARA, YARI, Debugger, GitHub
NullMixer: oodles of Trojans in a single dropper
https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/
Kazu: When some people won't pay for or can't afford certain pieces of software, they will look for non-legal means to get it. Sometimes this works out fine, but often they will instead end up with malware that wreaks havoc on their systems and steals all their information.
Some of these only contain a single piece of malware, but some contain droppers like 'NullMixer' which can drop a variety of malware. This write-up looks closer at both the dropper itself and some of the things it drops as well, so it's definitely worth a read.
Tags: Malware, writeup, analysis, DFIR, CTI, InfoSec, NullMixer
New Malware Variants Serve Bogus CloudFlare DDoS Captcha
https://blog.sucuri.net/2022/09/new-malware-variants-serve-bogus-cloudflare-ddos-captcha.html
Kazu: Old malware, different wrapping. These new variants deliver fake Cloudflare notices when a user visits an infected WordPress site; the user is asked to download and run a file which basically gives the attacker full access to the system. While the payload is slightly modified, it has been around for a while, so many AVs should manage to flag it, but not all: one of the variants has even made the file huge to avoid being analysed, but the heuristic behavioural analysis which many AVs use should be able to detect its behaviour and flag it.
Tags: InfoSec, DFIR, CTI, Malware, Cloudflare, RAT
Beaumont tries to patch an Exchange server
Kazu: Every time there's a breach which involves an old Microsoft vulnerability, people get up in arms about how the company should've patched the vulnerability in their “old” software, as if it were something that only took 5 minutes to do.
Well then, let's observe Kevin Beaumont as he live-tweets his attempt to do just that on a 2016 Exchange server. Should be quick, right? Right?
Tags: InfoSec, exchange, patching, live tweeting, GossiTheDog, IT