@mikko’s Tweets

Apr 6

Run Windows 3.1 in your browser, via Internet Archive: archive.org/details/win3_s

5

63

169

On this day in 1992.

84

503

2,334

Coming soon. Our first #cosecurity unconference -- thesphere.org Let me know if you'd like a VIP invite to be with us in #SPHERE22 June 1st -2nd in Helsinki.

6

11

New! Ep. 6 of the

podcast. REvil's attack against Kaseya was one of the biggest and most intriguing ransomware incidents so far. Here's how it went down. anchor.fm/ransomwarefiles W/

3

63

125

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

Spotify's free text fields can & have been used for fetching encoded payloads or C2. Just like pastebin & Britney Spear's SoMe have been used in the past. Surprised it is not used more. Anything that contains text that is accessible from DNS or web is a possible infil vector.

Quote Tweet

· Apr 4

open.spotify.com/track/4CutWJxN

7

29

Apr 4

Kanye West made $170M in 2021. Hedge fund manager Jim Simons made $3400M in 2021.

Quote Tweet

· Mar 15, 2017

Taylor Swift is the world's highest-paid celebrity. She made $170M in 2016. Michael Platt is a hedge-fund manager. He made $1500M in 2016. twitter.com/Forbes/status/

6

20

58

Cryptocurrency has done more for computer security than I'd ever expected (basically, instant bug bounty for lots of tech, and an actual market demand for real security vs. compliance-focused games.)

27

113

935

tl;dr Yes, 128-bit security is all what you need.

Quote Tweet

Yehuda Lindell

@LindellYehuda

· Apr 4

People often ask the question - is 128-bit security enough? Is AES-128 enough for high security applications? In this thread, I’ll do the calculation. I’ll assume that AES should be about 8 times faster than SHA256 in ASIC (this is conservative). 1/n

Show this thread

5

9

29

EU countries that exported arms to Russia during 2015-2020, despite the embargo Journalists of Investigative Europe conducted an investigation and found out who supplied what to the Russians and how much they earned on it. investigate-europe.eu/en/2022/eu-sta

53

355

641

open.spotify.com/track/4CutWJxN

Apr 4

Quote Tweet

jvoisin

@dustriorg

· Apr 2

Horrible edge cases to consider when dealing with music — dustri.org/b/horrible-edg

3

15

Nordex, another major wind turbine manufacturer hit by ‘cyber incident’ (normally meaning ransomware). Note that the release comes two days after the attack - and no mention of OT systems. I’m also noting that a lot of green energy companies were targeted lately. Coincidence? 🇷🇺

15

139

232

As much as we like to pretend otherwise, infosec professionals are as vulnerable to scammers and social engineering as anyone else. Here's a story about the most sophisticated Wells Fargo/Apple Pay scam I've encountered, which successfully tricked me. lupinia.net/writing/tech/s

7

76

136

Fed up of WiFi? No problem, my solution is here - all you need is a microphone and speaker (and a quiet room!) Transmitting data via audio: x86matthew.com/view_post?id=a

0:24

68K views

85

511

2,133

Apr 2

Never forget Rubicon, April 2002. infocon.org/cons/Rubicon/m

Marriott Hotels

13

5

52

Quote Tweet

· Apr 1

The Ukrainian parliament has approved a law with a list of rewards for Russian military equipment. Russian soldiers defecting to Ukraine with a warship or a jet can now claim up to $1 million. A tank or an artillery piece would be worth a $100,000 reward.

Show this thread

22

48

This story is completely and utterly false.

Quote Tweet

The Times

@thetimes

· Apr 1

EXCLUSIVE: China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion, according to intelligence memos obtained by The Times thetimes.co.uk/article/china-

Show this thread

10

118

265

Towing a Tank With Tractor

Apr 1

How To Tow a Tank With a Tractor

youtube.com

Recently there has been a lot of cases where farmers have found foreign military vehicles abandoned in their fields.The only practical way to remove them is ...

5

30

88

The Last Days Of Mariupol’s Internet

Apr 1

19 down, 2 to go

4

12

103

Engineers who kept Ukraine’s port city online have gone missing or died in the carnage inflicted by Russia’s siege. Hope remains that Ukrainian cities knocked off the internet map will come back online fast once the shelling ends.

forbes.com

Engineers who kept Ukraine’s port city online have gone missing or died in the carnage inflicted by Russia’s siege. Hope remains that Ukrainian cities knocked off the internet map will come back...

1

29

82

We've had 6 wipers in the wake of the Ukraine invasion but the biggest elephant in the room has been the infamous 'satellite modem hack'. Despite statements saying there was no malware involved, we believe it was the work of a 7th wiper– AcidRain

7

179

436

Mar 30

Classic Divinorum.

4

5

69

SOMBRA'S ONLINE CYBER-TECHTALK

Mar 30

I stand with Ukraine, and I'm honoured to give a talk to Ukrainian IT professionals on the 11th of April. інформація:

it-cluster.if.ua

We invite you to joinSombra's Online Cyber-Techtalk with world-renowned cybersecurity expert Mikko Hypponen, who supports Ukraine and has agreed to share his experience.

6

96

440

“gentlemen hackers” ANSI by H7 //

@Blocktronics

(2022)

@velikani

#ansiart #ansi #ascii #asciiart #pixelart #textmode #textart #text #art #demoscene #bbs #retrocomputing #retrographics #8bit #8bitart #typography #graffiti #graffitiart #mikkohyppönen #tomituominen

3

6

36

If true, this is worrisome on many levels. First, they believe this is necessary. Second, by isolating from others, their psyche starts to change. Third, they can be fed false information either deliberately or as a consequence of the system.

Quote Tweet

Bojan Pancevski

@bopanc

· Mar 28

Bellingcat investigator says Russia's defense minister Shoigu and other senior officials, possibly including Putin, are residing in nuclear bunkers near Ufa in the Ural mountains, according to recent flight data twitter.com/christogrozev/…

Show this thread

10

25

103

Today, the enemy launched a powerful cyberattack against #Ukrtelecom ’s IT-infrastructure. According to Yurii Shchyhol, the Chairman of the

@dsszzi

, at the moment massive cyberattack against #Ukrtelecom is neutralized. Resuming services is under way. #Ukraine #CyberAttack #war

10

143

257

Apple should pull the plug on the iPhone

John Dvorak on Marketwatch, March 28, 2007.

marketwatch.com

BERKELEY (MarketWatch) -- The hype over the unreleased iPhone has actually increased over the past month despite the fact that nobody has seen or used the...

7

36

The consumer company will be called F-Secure. The enterprise company will be called WithSecure. I’m in WithSecure.

13

16

243

Background: shareholders of F-Secure have decided to split the company into a consumer business and an enterprise business. The plan is to list both companies separately in the stock exchange.

2

13

126

Some personal news: after many years at F-Secure, I'm now the Chief Research Officer at WithSecure!

88

52

1,677

My talk about online terrorism from 10 years ago.

Quote Tweet

· Apr 2, 2012

RSA (@RSAConference) has published a shortened version of my 2012 talk "Terrorist Groups in the Online World": youtube.com/watch?v=pBwkI9 [14'24"]

1

3

18

Mar 27

This Karl Lagerfeld logo reminds me of something

16

10

448

State of GPS interference for 2022-03-26. No big changes in the past few days (as usual, the jamming in the southwest U.S. is taking the weekend off).

4

17

62

Mar 26

CERT-UA’s list of cyber attacks against Ukraine’s critical infrastructure over the last week. cip.gov.ua/en/news/khto-s

1

105

174