
🐝 Hive Five 185 - Mis/Disinformation in 2024

How JavaScript-first frontend culture broke US public services, All things DEF CON 32, Setup VSCode Like Neovim, and more...

Hi friends,

Greetings from the hive!

I'll kick this one off with a quote from Arnold Schwarzenegger:

"Reps, reps, reps. You might think you only do reps in the gym, but repetitions are the key to life. Whether you want to improve at speaking in public or reading books or just eating better, you will need to do reps. Whatever you work at, it becomes easier and less uncomfortable with every rep you do."

Action is the only thing that stands between you and your goals.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. An investigation into how JavaScript-first frontend culture broke US public services in four parts, beginning with examining the landscape. MORE

  2. This four-part series from a research network explores essential questions and insights to strengthen public discourse amidst the challenges of mis/disinformation leading up to the 2024 elections. MORE

  3. Unmasking Styx Stealer: How a hacker’s slip led to an intelligence treasure trove. MORE

  4. ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts. MORE

  5. All things DEF CON 32 in the official archives: art, badge, music, presentations, slides, and more. MORE

Hive Five is a weekly newsletter with the best of technology and security, thoughtfully curated, read by thousands of hackers. Do you have a product or service to promote? Find out more about advertising in Hive Five.

Upgrade Yourself →

You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, and so much more. See what you're missing.

Table of Contents

📰 Updates

🍯 My work

✅ Changelog

  1. RetireJS, a tool for detecting JavaScript libraries with known vulnerabilities, has released version 5.1.4. MORE

  2. Fabric 2.0 is an open-source framework for augmenting humans using AI. Now written in Golang. MORE

  3. SecLists, a comprehensive collection of lists used in security assessments, released v2024.3. MORE

  4. Anthropic's Prompt Caching feature enables developers to cache frequently used context between API calls, improving performance and reducing costs. This new capability is now available on the Anthropic API. MORE

  5. X introduced the long-awaited long-form Write via API v2. Now you can POST beyond 280 chars. MORE

📅 News

  1. New podcast alert: "Surfacing Security" explores cybersecurity topics related to Attack Surface Management, with co-hosts Michael Gianarakis and Shubham Shah, the co-founders of Assetnote. MORE

  2. iOS 18 introduces "Distraction Control," a feature that allows users to hide distracting elements on web pages, such as sign-in pop-ups and content overlays, improving focus and productivity. MORE

💼 Work

💰 Career

  1. This Maven lightning talk hosted by Kelly Vaughn and Taylor Desseyn aims to help job seekers communicate their impact effectively in their next job search. MORE

  2. As one advances in technical leadership, the focus shifts from specific technologies or architectural problems to enabling leaders and team members to solve them effectively: Delegate, Foster, Focus, Develop, and Remove. MORE

  3. Catchafire connects professionals looking to volunteer their skills with nonprofits in need, providing high-impact projects worth thousands in professional services. MORE

🚀 Productivity

  1. Anthropic's Alex Albert recommends using examples in prompts, as they work well, but cautions that excessive examples increase API costs and latency. Fortunately, Anthropic's Prompt caching fixes this issue. MORE

  2. The Tailwind CSS Color Generator allows users to generate, edit, save, and share Tailwind CSS color shades based on a given hex code or HSL color, providing a convenient tool for developers working with Tailwind CSS. MORE

  3. The video summarizes the key insights from the book "Buy Back Your Time" by Dan Martell, which provides an entrepreneur's perspective on effectively managing time and increasing productivity. MORE

  4. Setup VSCode Like Neovim For Productivity In 2023. MORE

  5. This video guides viewers on using every Obsidian core plugin, providing a comprehensive tutorial. MORE

The reason why I'm interested in setting up VSCode like Neovim is because of the AI-powered fork Cursor. I currently use it in conjunction with my terminal setup, as it still excels overall.

🌎 Community

🎉 Celebrate

  1. Regala and the family announced the birth of their baby. Congrats! MORE

  2. Trashpuppy had a great time in Vegas and has received an offer letter for their first job as a pentester. LFG! MORE

  3. Like many others, Valeriy started with a negative bug bounty reputation score. They're now being invited to Live Hacking Events. Keep going! MORE

⚑️ Discussions

  1. Alex on the need for a CTF time bug bounty equivalent. (He's since started building it). MORE

  2. What Happened with the DEF CON Badge This Year? Deviant Ollam explains. MORE

  3. Hackers answering bug bounty questions at DEFCON 32, a valuable experience for the first-time attendee. MORE

  4. Daniel Miessler, the Founder of Unsupervised Learning, discusses the future of AI, finding purpose, and his experience in cybersecurity. MORE

  5. STÖK's life is a study in contrasts: transitioning from a camper van to a small homestead, shifting from a tech job to self-employment, overcoming social phobia to lead large crowds, yet still grappling with change. MORE

💛 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  1. @tom_hirst | Tom Hirst | Builder who sells. Programmer who writes. Autonomy, price theory, web3. Core team engineering OriginProtocol.

  2. @strandjs | strandjs | I will light the way by the bridges I burn. Retired Senior SANS Instructor. IANS Faculty. Black Hills Information Security. Active Countermeasures.

  3. @almroot | Fredrik N. Almroth | Co-Founder & Security Researcher at @detectify. I code things to hack stuff.

  4. @Hxzeroone | Hx01 | Not evil just misunderstood.

  5. @danhardymma | Dan Hardy | Professional reptile, amateur philosopher, part-time visionary.

πŸ„ Level up

πŸ“° Read

  1. Passkeys are not passwords, nor are they SSH keys. They are a truly unique authentication method, designed to be unphishable, offering a novel approach to secure access. MORE

  2. Security vulnerabilities in Matrix's Olm library were discovered with little effort, raising concerns about the cryptography implementation. MORE

  3. Android web attack surface writeups. Chromium on Android can abuse intents to perform attacks that require user activation, without prompting the user. MORE

💡 Tips

  1. Explore 25,538 free calisthenics spots worldwide with the help of the Calisthenics Parks website, which provides a comprehensive directory of these workout locations. MORE

  2. A fix for the issue of the Burp Suite UI getting blanked out and overlapping in certain places. The solution involves creating a new file called "user.vmoptions" in the installation directory and adding specific arguments. MORE

🧠 Wisdom

  1. Staying calm through self-care: write when overthinking, read when uninspired, and more. Practical tips for maintaining mental well-being without relying on external hacks. MORE

  2. In this interview with Dr. Julie Gurner, an executive coach to top 1% CEOs and athletes, she shares her journey from studying psychology and philosophy to becoming an executive coach, emphasizing the importance of introspection and objective feedback. MORE

  3. Adam on imposter syndrome vs growth mindset: "I don't know what I'm doing yet. It's only a matter of time until I figure it out." MORE

  4. Prioritize the 80% - focus on the key aspects of health, wealth, and other areas for maximum impact; the remaining 20% will naturally fall into place. MORE

  5. One can lose 20 lbs of fat in 8 weeks without starving, aggressive dieting, or excessive gym time by incorporating fasted cardio 2-3 times per week. MORE

📚 Resources

  1. The IoTGoat Project is an intentionally flawed firmware based on OpenWrt, maintained by OWASP to educate developers and security professionals on common vulnerabilities in IoT devices. MORE

  2. From object transition to RCE in the Chrome renderer. CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. MORE

  3. A list of crafted malicious PDF files to test the security of PDF readers and tools. MORE

  4. This repository lists a comprehensive collection of static analysis tools for various programming languages, build tools, and configuration files. MORE

  5. SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level slides. MORE

💭 Quote

❝

"You pile up enough tomorrows, and you'll find you are left with nothing but a lot of empty yesterdays."

Meredith Willson

NGL, this quote shook me to my core...I'm definitely guilty of putting things off, or focusing on less important things. The latter being a form of emotional procrastination.

🛠 Explore

🧰 Tools

Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

  1. Gitxray, an open-source security tool, scans GitHub repositories to identify information disclosure and detect suspicious behavior. MORE

  2. Gato Extreme Edition is a hard fork of Gato, serving to automate advanced enumeration and exploitation techniques against GitHub repos / orgs. MORE

  3. 30X is a tool designed to be used as a cloud function for Cloudflare Workers providing various ways to create HTTP redirects from 301 to 308, useful for stuff like SSRF. MORE

  4. Simple way to manage your remote machines and SSH keys. MORE

  5. EvoMaster is the first open-source AI-driven tool that automatically generates system-level test cases for web/enterprise applications, related to the field of Fuzzing. MORE

🎥 Watch

  1. The Crazy Engineering of Venice: Uncover the extraordinary story of how Venice, a city built on water, became one of the most powerful and wealthy cities in history, from its humble beginnings. MORE

  2. The Brief History of AI Agents (2023-2024), is a quick lightning talk given by Swyx, exploring the rapid advancements in AI agents and their impact on the technology landscape. MORE

  3. Alex Wieckowski, a creator with over a million followers, is on a mission to make readers fall in love with reading again, leveraging AI to capture lessons from books and provide tips to become a better reader. MORE

🎡 Listen

  1. Microsoft and Fortra collaborate to combat the illegal use of cracked Cobalt Strike software, a tool commonly employed in ransomware attacks. MORE

  2. Beehiiv, a leading newsletter publishing platform, hosted a workshop led by its Head of Partnerships, offering insights on growing and monetizing newsletters. MORE

  3. Douglas Day discusses the benefits and challenges of pursuing a full-time bug bounty career, with a focus on privilege escalation bugs and more. MORE

  4. Rob has an exceptional story — from foster care to Yale, from a troubled childhood to a best-selling memoir called Troubled — and in this episode, he demystifies the memoir-writing process just for you. MORE

🌐 Technology

  1. The web browser market is in flux, with dominant players like Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari facing competition from emerging alternatives like Arc, Brave, and Ladybird. MORE

  2. The "Door Problem" highlights the need for game designers to consider users' perspectives and assumptions when designing intuitive interfaces. MORE

  3. As the community expands server monitoring from basic uptime tracking to comprehensive solutions, insights are sought on what to monitor. MORE

  4. Postgres Sandbox is an in-browser Postgres sandbox with AI assistance, allowing users to explore and experiment with Postgres within a web-based environment. MORE

  5. Kyle updated their Mac's operating system, which led to the automatic upgrade of the Spotify app. This upgrade sparked a reflection on the experience of using Spotify and the decision to ultimately quit the platform. MORE

I'm also not pleased with the Spotify app UI/UX, which reminds me that I should use the Spotify TUI more. Perhaps I should even try out other services such as Apple Music, as mentioned in the article.

🤔 Interesting

  1. Cooking product examples showcase how China is living in 2050 ahead of the rest of the world, hinting at innovative culinary technologies on the horizon. MORE

  2. Pok Pok, a collection of digital toys, aims to spark creativity and learning through open-ended play, reimagining the possibilities of digital play. MORE

  3. Derek Sivers explored how to make the best possible translation of a book and shares his current solution. MORE

  4. Community bike shops provide a scalable model that keeps thousands of bicycles out of landfills each year, enabling cyclists to fix their rides affordably. MORE

  5. If YouTube had channels. MORE

Pok Pok looks amazing for little kids! Though, I'm still wary of screentime in general.

Until next week, take care of yourself and each other,

Bee 🐝


P.S. Enjoy the newsletter? Forward it to a friend! It only takes 16 seconds. Making this one took 16 hours.

P.P.S. This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.