James Wright ๐Ÿ”‘ @james

๐ŸŽ‡AlphaBay, an anonymous dark web data marketplace, is shut down by law enforcement. The site's sales are โ‰ˆ๐Ÿ’ฐ $1MM per day! ๐Ÿ—๏ธ

In the first six months of 2017 the site sold $5MM worth of stolen credit-card numbers.


โœ๏ธApple will build a data center in China housing local customer data; while retaining keys. ๐Ÿ”


@lx The side channel attack extrapolates approximately 50% of the private key, the remaining bits are solved using a modified version of the branch and prune algorithm of Heninger and Shacham. ๐Ÿ˜Ž

It's an interesting way to break the crypto library. ๐Ÿ”ฆ

Here are fireworks๐ŸŽ†: researchers ๐Ÿ”ฌ crack 1024-bit RSA Libgcrypt crypto library ๐Ÿ”. CVE-2017-7526 effects GnuPG, Debian, and Ubuntu. Patch Libgcrypt to version 1.7.8. ๐Ÿ’พ


mastodon.jamesmwright.com/medi mastodon.jamesmwright.com/medi

๐Ÿ˜Ž Finished upgrading my instance to v1.4.7 ๐Ÿ’พ

Thank you to all that contribute to this open-source social media project! ๐Ÿ…



๐Ÿ“ก Open Whisper Systems releases new features in , an encrypted communications app. Changes revolve around safety numbers use. ๐Ÿ”


โ€ช๐Ÿค” is using vulnerability to spread through firewalls and WMIC / PSEXEC to move internally. No clicking required. โ€ฌ ๐Ÿ’พ


โ€ชโŒ› is infecting computers worldwide today, causing mass outages. Power system generation in the Ukraine is impacted. Banks and other services knocked offline. ๐Ÿ

โ€ช zdnet.com/article/a-massive-cyโ€ฌ

๐Ÿ˜Ž Finished upgrading my instance to v1.4.6 ๐Ÿ’พ

Thank you to all that contribute to this open-source social media project! ๐Ÿ…



๐Ÿ˜Ž Finished upgrading my instance to v1.4.5 ๐Ÿ’พ Thank you to all that contribute!



๐Ÿ”ฆ Walmart is telling its vendors to get off Amazon cloud services if they want to do business with them. That's a whole new level of risk management. โŒจ


Finished upgrading my instance to v1.4.4 ๐Ÿ’พ Thank you to all that contribute!



exploits a vulnerability in Linux, FreeBSD, OpenBSD, and other OSes. Check with vendors on patches for this flaw. ๐Ÿ’พ


Our detailed technical report on an advanced intrusion is now released. This group has improved their tradecraft and is using a few techniques I haven't seen any other hackers use before.

is new fileless that injects its code into the svchost.exe process.๐Ÿ”’ It is being leveraged as in the wild by encrypting file systems and demanding payment. ๐Ÿค

2010 article on PsExec covers risks:

๐Ÿ‘ thehackernews.com/2017/06/file