Marcus Hutchins :verified:

npub1uu7g...gs7t
Cybersecurity Website: https://marcushutchins.com Security Blog: https://malwaretech.com
One concern about the AI bubble that I've not yet seen discussed is how many All-In podcasts it's going to create. Every time one of these AI companies is bought or IPOs, it creates like 10 new billionaires who will start a podcast where they pass their single brain cell around a table and influence people on issues they know nothing about. Remember when David Sacks and Jason Calacanis got together with Elon Musk and tried to sabotage Ukraine's defense because they convinced themselves that angering Russia would lead to a nuclear war? Now imagine there's 400 of them. At this rate the entire media sphere will just be midwit billionaires with podcasts.
Ever since Amazon ruined 30,000 people's holidays by laying them off in the name of "efficiency", they've massively improved their next day delivery system. It used to be that I'd only get one next day delivery per package, but now I get 5 for the price of one. Every day they tell me it's arriving the next. Incredible value for money!
Is it me or are major internet platform outages getting more frequent? I used to instinctively reboot my router, now I just assume it's the platform. GitHub broke for me this morning, now LinkedIn is offline. Reddit and Twitter feel like they go down twice a week. Meanwhile all these companies are bragging about layoffs because they've "become more efficient with AI". Like, dawg, you can't even keep your website online.
Here's an easy way to understand the US "hacking back" / Offensive cyber operations proposal: You lose the keys to your house down the back of the couch. It would be very time consuming to try and dig them out, but buying new locks would cost money. The least expensive option is to simply remove the entire front door, which your family approves of. This would leave more money to gamble in the slot machine (some guy who says he is 100% definitely not the owner of the slot machine has told you that if you put in enough money, you will receive a return on your investment). After voting to remove the front door, someone walks into your house and steals your TV. Having to buy a new door, new locks, and new TV would cut into the slot machine fund. Which is unacceptable. You decide the most cost efficient option is to track down every thief in the world and punch them in the face. The family agrees that punching every thief in the face would certainly deter any further theft, and have absolutely no possible negative consequences at all. The not slot machine guy has also offered to buy all your house's windows for $30, to help you recuperate some of the losses from your TV being stolen. You agree that this is indeed a good deal, and proceed to remove every window. One day you come home to find a 600 pound grizzly bear rooting around in your pantry eating all your food. You are completely perplexed. Despite your best efforts to secure your home against theft, people have still been walking in and taking whatever they want. However, a grizzly bear is new. You consult with the not slot machine guy, who has recently used all his not slot machine money to buy up every local hospital. You are concerned that the punching everyone in the face policy does not appear to have affected theft rates. Also, this policy was designed for humans, not bears. The not slot machine guy reassures you that this is the best way. He tells you that you just aren't punching people hard enough. He also says that there is no reason why the same policy couldn't also be applied to bears. He sells you some punching classes for $5 trillion dollars and sends you on your way. With your newfound punching skills, you are now ready to fight the bear. You return home to find out that all of the local bears have learned that your pantry is a great place to get food. There is now an entire group of them. That is ok though, you've been training for this.
This would be extremely significant. China implemented a similar law in 2021 requiring security researchers to report zero day vulnerabilities to both the software vendor and the Chinese government. It was followed by an absolutely massive explosion in zero day use by CN state sponsored groups. I suspect it not only led to a huge increase in the number of zero day exploits China was in possession of, but also their calculus on how and when to use them. Normally, zero days are used very sparingly. There is always a risk they will be detected and patched. However, if the vulnerabilities are being simultaneously reported to the vendor and the intelligence services, they're getting patched anyway. There's very little downside to using them, and only a small window to do so. I can't say 100% the legislation change is what caused the change in behavior, but since then, there have been many documented cases of Chinese APTs using high value zero day exploits to indiscriminately hack systems. Not just high value targets, basically anything with an internet connection.