- The Grugq's Newsletter
Jan 31, 2023
SH1MMER is an exploit capable of completely unenrolling enterprise-managed Chromebooks.
-
Yandex ‘leak’ reveals 1,922 search ranking factors
The Yandex hack is probably the most interesting thing to have happened in SEO in years.
— Martin MacDonald 🏴🇪🇸🇺🇸🇧🇧 (@searchmartin)
4:07 PM • Jan 27, 2023
reviewing this document may provide some useful insights to better help you understand how search engines, such as Google, work from a technological standpoint.
You probably heard about Yandex, it’s the 4th biggest search engine by market share worldwide. Yesterday proprietary source code of Yandex was leaked.
The most interesting part for SEO community is: the list of all 1922 ranking factors used in the search algorithm
[🧵THREAD]
— Alex Buraks (@alex_buraks)
3:03 PM • Jan 27, 2023
Leaked Yandex ranking factors analysis part 2, let's go.
[🧵THREAD]
— Alex Buraks (@alex_buraks)
4:24 PM • Jan 28, 2023
Aight y'all.
Let's get started with this Yandex thing.
First thing, I want to give props and a shout out to @benwills who was the first to tell me about the leak and did a lot of initial leg work to make sense of where things live. He's the real MVP.
— Mic King (@iPullRank)
8:18 PM • Jan 27, 2023
Analysis on how search at Yandex is done
-
EU has some genius ideas about mandating that software be secure. It is gonna kill open source if they don’t change it.
-
My Year Of Dicks (2022)
-
Spain Seizes Cocaine Worth $114 Million From Livestock Ship
Man...those cows know how to party!
gcaptain.com/spain-seizes-c…
— Sal Mercogliano (WGOW Shipping) 🚢⚓🐪🚒🏴☠️ (@mercoglianos)
3:18 PM • Jan 30, 2023
-
Runa:
I looked at a bunch of court records to learn more about how police in the U.S. use digital data to prosecute abortions. Here’s what I found.
-
A paralegal has been going after the AI-lawyer company “DoNotPay.” She is destroying them, and the CEO is looking worse and worse the longer it goes on. It’s glorious!
Alternate Title: Empirically Determining the Inflection Point between Fucking Around and Finding Out
— Kathryn Tewson (@KathrynTewson)
2:33 AM • Jan 31, 2023
So, I thought maybe I should give it a fair shake -- after all, I'm mostly arguing with what my idea of a "legal AI" is, right? So I signed up for an account at and took the service for a little whirl.
— Kathryn Tewson (@KathrynTewson)
4:10 PM • Jan 24, 2023
Let me be clear: this is a terrible demand letter. Absolutely terrible. Useless or worse than useless -- if an actual attorney saw this, she would instantly know that the sender was unsophisticated, unrepresented, and gullible af.
— Kathryn Tewson (@KathrynTewson)
5:18 PM • Jan 24, 2023
Update: I have been in contact with RIP Medical Debt, and they have confirmed that the donation with the receipt number on the receipt Josh provided was made yesterday, January 29th, at 12:36 AM EST. (I am in PST which is why my timestamp says Jan. 28th at 9:53 PM.)
— Kathryn Tewson (@KathrynTewson)
10:04 PM • Jan 30, 2023
Holy crap -- @Amyrhymeswith spotted the time stamps. Josh, you made this donation *four minutes* after I called you out?
— Kathryn Tewson (@KathrynTewson)
10:24 PM • Jan 30, 2023
-
With a tiny single change, GitHub immediately threw a large part of the software ecosystems into space. Package managers, applications, all sorts of things down. Slight change and it's gone. It's all so fragile! GitHub is a critical global infrastructure. github.blog/changelog/2023…
— Lukasz Olejnik (@[email protected]) (@lukOlejnik)
6:24 AM • Jan 31, 2023
-
At 23 I made the song Combination Pizza Hut and Taco Bell.
— mohamed singh azad (@HIMANSHU)
3:14 PM • Jan 30, 2023
-
Let’s continue our tour of my public @[email protected] projects.
https://github.com/0xdea/tactical-exploitation
Even though I’m a prolific #exploit #developer, I’ve always been a big proponent of a tactical approach to #pentesting and #redteaming that does not focus on exploiting known software vulnerabilities, but relies on #oldschool techniques such as information gathering and brute force.
While being able to appreciate the occasional usefulness of a well-timed #0day, as a veteran penetration tester I favor an exploit-less approach. #Tactical #exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.
Sooner or later I’ll present my talk on this subject: “Empty Phist Style - Hacking Without Tooling” (h/t @[email protected] for the title) 🤘
-
guess we'll stick to the English term
— JP Aumasson (@veorq)
2:51 PM • Jan 30, 2023