I don't know what decomprossed means. I've got a very high IQ and can't type for shit. Decompressed**

Right now with every single file on vx-underground 7z ultra compressed, the entire archive is 11TB

We're too big. Too much malware material

PARENTS BE VIGILANT THIS HALLOWEEN

This evening, after returning from an All-American festive Halloween extravaganza, we discovered an unknown Bad Actor laced my child's food with RICHARD STALLMAN

Parents, people are lacing candy, trying to Linux Black Pill kids. BE CAREFUL

He took a bite out of the candy, turned around, looked me in the eyes, and said, "Actually, it's GNU slash LinUX".

I fell to my knees. I couldn't believe what he just said.

As I sobbed he said, "I refuse to subject myself in these proprietary systems, Father"

It's all over

Amazon's CEO told investors and stakeholders today the recent lay off of over 30,000 people, including 13,000 corporate jobs, was not the result of AI or financial woes

He said it was "cultural". He highlighted that despite Amazon having tremendous financial growth this year, making over $180,000,000,000 in sales in the past 3 months, he felt there was too many layers of complexity to their operations.

More specifically, he said there was too many layers of people and it slowed down key decision making processes and operations

tldr bro said "fuck middle management" ... and a bunch of other people too

Hot take: I kind of believe him. Ever since COVID era there's been some changes to businesses where they suddenly don't give a fuck about middle management

But he fr is prolly aiming on AI to replace mfers too

Yesterday evening 3 people in Moscow, Russia were arrested for the alleged creation and distribution of Medusa Information Stealer (Meduza stealer).

Per Russian media outlets, the 3 people apprehended are charged with unauthorized access to data to an institution in the Astrakhan region.

The charge is "Part II of Article CCLXXIII (273) of the Criminal Code of the Russian Federation (УК РФ)" which is designated for the creation, use, or distribution of malicious computer programs (malware) which (in reference to Part II) is committed by a group of persons by prior conspiracy, and blah blah blah. Lots of filler stuff.

tl;dr charged with malware distribution and/or conspiracy to do malware stuff

If found guilty the individuals charged face up to 5 years in prison or 5 years of hard labor. Additionally, they may be barred from holding certain positions for 3 years.

The raid on the group was recorded and shared online by local law enforcement (presumably). The raid was performed by the Moscow Police with assistance by the Russian National Guard

Some people on X commented this is staged. I don't think it's staged. I really recommend reading this paper by RecordedFuture, in summary they believe there is some changes occurring in the Russian Federation and they're less tolerant to cybercrime unless it benefits them

https://www.recordedfuture.com/research/dark-covenant-3-controlled-impunity-and-russias-cybercriminals

Hello,

I've gotten quite a bit of messages today about all sorts of stuff. I see them and I will reply when I get the chance.

It's Halloween, I'm with my family, I've gotta do normie shit like make memories and bond, or something, I don't know

I have lots of cool things to share this weekend but until then please enjoy your Halloween.

If you're a total nerd and not doing Halloween stuff: you're living the dream and I am super jealous. I miss the days of being able to chill in my bedroom in my undies and do whatever I wanted.

Anyway, I love you. Have a good night, morning, or afternoon
- smelly smellington

Someone compromised the University of Pennsylvania and sent out a very silly message to students, faculty, and alumni.

I can't tell if they're actually politically motivated or trying to rustle jimmies.

Overall I give it a solid 8/10 for a Halloween silly

Every couple of months some media outlet does some clickbait slop fucking article about 200 bajillion million gazillion passwords being leaked or compromised

I pray to God for mercy

O Lord, why dost Thou makest me look upon this AI slop? Truly mine eyes doth suffer.

I fuck with that old timey biblical Hebrew ass wording. I love it

O Lord, wherefore dost Thou cause me to gaze upon this abomination wrought by artifices of man and metal?

Found the coolest hat at a Thrift Store

My wife and I found this cool hat at Goodwill. For those who aren't familiar with slang, this hat "STOP GOONING" is a reference to "Me & My Goons" by Plies.

This is an anti-gang violence hat. I wear it everywhere I go

wHatS a GooD pAssWorD mAnAgeR

I store all my passwords in a text file called "passwords" and if someone successfully gets access to that file then I'm going to kill myself

That's my security model

A few weeks ago, or maybe a month ago, I don't know, I don't remember ... I did a post about BetterTelegram and wrote I was going to be paid $1,000 for the "advertisement". The "advertisement" I wrote was borderline satire and (in my opinion) was very funny

Anyway, to make a long story short, I was not paid $1,000 because the person who offered me the $1,000 was not actually someone who "works" for BetterTelegram (e.g. not a developer or representative). It was more or less an affiliate who had hoped my post would drive traffic to the BetterTelegram domain with the hopes it would generate some sales.

When the actual people behind BetterTelegram saw my post they were heartbroken. They felt embarrassed that I had, in essence, satirized their product in front of over 400,000 people. They also got upset that the affiliate thought my post was a good thing to post. Overall they were unhappy about the whole thing.

After I spoke with the people from BetterTelegram I agreed to "honestly' review the product. I felt bad that I had accidentally bamboozled them. The word honestly is in quotation marks here because I reverse engineered the living shit out of it to determine whether or not it's actually malicious.

In summary, it is not malware. It does some funky stuff (long story) and some stuff I don't particularly like (long story). However, it is not malware and it's not particularly bad. I just disagree with some of the design choices made.

I'll be publishing a write up on it. I'll show step by step how I reverse engineered it, confirming things they stated about their product, etc. I'll also explain some of the things they did that I didn't like and things I think they can improve on (architecturally).

Despite me tearing this codebase apart, I still do not use it because I don't really take Telegram serious enough to require secure communications. If I want to have secure conversations I'll move to Signal, or something.

Spoke to a Threat Actor recently who just got done serving a few years in federal prison the United States.

He was convicted for wire fraud, identity theft, and money laundering. I asked him what it was like and his thoughts on the matter.

He said (not his exact words) waiting for sentencing and stress surrounding it was terrible and suffocating.

He said prison wasn't too bad. He said if you're a drug addict or a person who causes problems you're going to have a bad time.

He said he spent most the time reading, working out, or keeping to himself. He said he met some nice people in there he now considers friends. He specifically highlighted his "gains". In other words, when all you can do is read and workout, you'll probably get in pretty good shape pretty fast.

He served roughly 5 years in total.

He would not recommend prison

Sam Altman and Elon Musk are currently having an argument on social media

tldr

No idea why they're arguing. But it seems silly two profoundly wealthy and influential people are getting into an argument on social media

I also cannot remember the social etiquette on whether or not calling a person retarded is politically incorrect. I was informed it is, others have asserted it is not. A person has informed me they're disgusted that I would call people the R-slur, but I am not sure if this constitutes a slur or not because mental retardation is an actual medical diagnosis

I don't understand the world. I'm scared and confused.

Lots of nerds arguing over FFmpeg and Google stuff still.

Basically security nerds have argued that FFmpeg has a responsibility to fix any bugs in their project regardless if they call themselves a "volunteer project" or a '"vendor".

Security nerds argue that because of the size and popularity of FFmpeg, which FFmpeg proudly reps, then they should fix the issue and trying to minimize themselves as "volunteer project" is redundant

FFmpeg has responded, in summary, "stop jerking yourselves off, just submit a patch".

Security nerds retorted that it's not their job to submit a patch and FFmpeg, as the vendor or volunteer project, whatever you want to call it, is responsible for the patch.

FFmpeg and it's supporters have criticized security nerds as people who want to find CVEs to look cool and badass, rather than actually improving the security posture of a project.

We're on day 3, or day 4, of a bunch of nerds arguing about patches and stuff. It's a beautiful thing. I enjoy reading it. I think everyone makes a valid point.

I also enjoy people calling each other nasty names and insults over something they're not involved in (they don't work at Google or help FFmpeg, they're just picking their team)

Overall I give this drama a solid 7/10.

Woke up this morning to people who don't work in cybersecurity, or really do anything in cybersecurity at all, trying to tell me what's happening in cybersecurity

I'm really confused

One person commented that I'm biased because I keep calling security researchers nerds

I am profoundly confused. My confusion knows no bounds.