Starting around October 1st I saw something catastrophic happen to my incoming traffic from Google. Compared to the beginning of the year I have gone from around 10,000 pageviews a day to around 5,000—a 50% loss in traffic. Once I noticed (which took a while), I started reading a ton of articles on all the various potential causes.…
Archives for 2018
The Difference Between Decompilers, Disassemblers, Debuggers, and Hex Editors
For people looking to get into reverse engineering, the barrier to entry can be fairly steep—starting with the terminology. Here are the differences between a few key tools you will encounter on the path. Decompilers reverse binaries into higher-level languages, like C++. Disassemblers reverse binaries into assembler language. Debuggers allow you to view and change the state of…
Unsupervised Learning: No. 157
Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter. The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think…
The Unsupervised Learning Gift List
I often find myself in the unpleasant position of wishing I could send people a gift, but not knowing what to get them. What I like to get people are smallish things that produce absolute delight, like the perfect knife, whiskey glass, or end-table book. So what I’m going to do here is capture my list of items…
Sensors + Algorithms Are the New Camera
Don’t call them cameras or microphones anymore. Those are human-centric names, and humans are about to be the Neandertals of detection. I first heard this idea regarding cameras from Benedict Evans. What we’re moving towards is a world where sensors are everywhere—and of multiple types: Visible light Non-visible light Radio waves Sound Vibration Chemicals Radioactivity Air pressure Etc,…
The Difference Between a Penetration Test and a Red Team Engagement
One of the most frustrating things to me as a security person is having sales and marketing types confuse the different types of security assessment. Similarities And among those types of assessment, the pentest and red team are two of the most commonly mangled. First, let’s start with similarities. They’re both types of security assessment, meaning their goal…
Unsupervised Learning: No. 156 (Member Edition)
This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately
Medium Just Became an Even Worse Option for Blogging
Medium has quietly been making a series of changes that are all bad news for writers who still publish articles on their platform.I discovered the most recent—and most significant—change when I emailed the Medium support a few days ago asking to update the canonical links of the e-Residency article that I had just re-written and updated on nomadgate.com.It’s…
Do Great Minds Come from Lives of Comfort?
I’m not sure where all I am getting this from, but I know it’s multiple angles. I just got done watching a documentary on Mr. Rogers, and something struck me about his background: he grew up with a rich and successful family. Bertrand Russell then came to mind. He was from a rich family as well, and he…
The Strange Game of Shared, For-profit Cybersecurity Risk Scores
Brian Krebs ran a story recently about how FICO has a new service for rating the Cybersecurity risk level of various companies. Problem is, in one of their marketing communications about the new offering, they leaked the actual report data for a little company called ExxonMobil. I find this space both strange and fascinating. On one hand I…
The Future of Config-file-based IT Infrastructure
To me the main feature is that they’re the beginning of config-file-based infrastructure. Imagine a language that can translate a business requirement into a full tech stack. That’s where we’re heading.— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler) December 15, 2018 I saw this tweet by Dan Kaminski recently, and gave a quick response as one does on Twitter. But I think…
Remote Doctor Visits Are Spectacular
I just recently did my first remote doctor visit, and it was life-changing. I’m generally not the type who goes to the doctor. I sometimes go for years without seeing one, and I don’t even have a primary care physician. I haven’t for decades. Anyway. I was in Vegas for conferences a couple of years back and needed…
How to Survive if You Wake Up in the Past
My friends and I have always had a fun game we play, where we imagine what we’d do if we were thrust backward in time. So you’re like dropped in Rome at 1 BC, or Britain in 1300. What would you do? We’re ignoring language, but that’s important too of course. You know all these technologies are possible,…
Unsupervised Learning: No. 155
Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30 minute podcast & companion newsletter. The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to…
Why I Believe Postmodernism is Causing Depression
There’s a lot of confusion about the term Postmodernism. To people on the far left, it’s their shadow religion—basically a healthy disregard for any value system that has exerted influence (and caused suffering) in the last few thousand years. To the far right, it’s a rejection of all that is good in the world—like tradition, family, piety, and…
Unsupervised Learning: No. 154 (Member Edition)
This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately
What I Found Most Interesting from Amazon re:invent 2018
Amazon has completely crushed it again at this year’s re:invent conference. They continue to innovate a truly frightening pace. And when I say frightening, I mean…in that it creates fear within me. It’s just doing so much, so quickly, that I can’t help but feel uncomfortable. But it’s a good thing. I think. It’s definitely sending a great…
My Friend Chris Romeo Died Yesterday
I used to work at Aflac with a bunch of cool guys. One of them was named Chris Romeo. He was always smiling and trying to figure out how to turn the previously uttered sentence into a joke. He called it checking someone’s oil. One day he came up behind me next to our cubes and tried to…
Unsupervised Learning: No. 150
This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately
Why You Should Directly Support as Many News Sources as Possible
By now most people understand that there’s a serious problem with the news, but I’m not sure how many know how fundamental it is. Here’s the underlying issue: The companies that make the news we consume are for-profit businesses. These companies aren’t just pressured to increase profits, but will go out of business if they don’t constantly adapt…
Unsupervised Learning: No. 153
🛡️ Security News Ukraine has found another nasty piece of malware targetting their government systems. It’s a Windows backdoor called Pterodo. Link China has turned on their social credit system that was basically a Black Mirror episode, and it’s resulted in the blacklisting of millions of Chinese from booking flights. Their scores were too low. Unreal. Link The US…
Unsupervised Learning: No. 152
This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately
Some of My Favorite Shell Aliases From Over the Years
Aliases are one of those things that follow you, from laptop to laptop, and server to server—like snippets of your educational DNA. Here are some of mine that have followed me for two decades: Type f to find things by name using find $ alias f="find . -name" A super quick speed test You can do this with…
The Few Are Winning, The Many Are Losing
I was just watching the mid-term results come in this evening and was struck with an idea: even in our democratic republic, it’s the few elites that seem to be winning. Trump won by electoral college, and he lost the popular vote. The electoral college is a collection of a few super influential people. The people are—well—the people.…
Unsupervised Learning: No. 151
Security News 👋 We’re preparing to release the 2018 version of the OWASP IoT Top 10, and we would love your feedback! Updated to include a feedback form. Form Link 🛑 Check your Facebook account to see if it was hacked. Link The company that owns Fortnite has purchased a company focused on stopping cheaters. Link A government report…
Building Your Own Dedicated IPSEC VPN in Less Than 10 Minutes
There are tons of VPN options out there, and the field is confusing enough that I did a post on the topic a while back to help people pick one of the better ones and avoid the scams. But if you look at the considerations for making a good choice, they mostly reduce to the following: Privacy Log…
What If Corporations Provided For Their Customers?
I was talking about books with my friend Jon Robinson the other day, and he said something offhand that I’ve not been able to chase out of my brain. It sounds like a silly idea until you realize that what we’re doing now is not likely to work for much longer. Corporations are becoming more powerful. They’re buying…
Entropy and Security
I’ve been obsessed with entropy since I learned about it in high school. It’s highly depressing, but it’s awesome at the same time given how inevitable it is, and how it’s happening all the time and all around us. I was just reading The Most Human Human, by Brian Christian, and it reminded me that I’ve wanted to…
Falling Testosterone, Poverty, and Violence, and How That Will Combine With Rising Inequality
It’s interesting to think about all the different trends happening at the same time right now: This is obviously not a complete list. Testosterone has been falling in men for decades Link Global violence is at an all-time low Link Global poverty is at an all-time low Link Income inequality is the worst it’s been in over a…
The Cybersecurity Hiring Gap is Due to The Lack of Entry-level Positions
If you haven’t heard yet—which is unlikely—there’s a problem with hiring in cybersecurity. The issue is we’re not sure of the nature of that problem. A number of studies are talking about there being 3.5 million unfilled cybersecurity positions by 2021. But many are in that same market looking for work and are unable to find any. So…
On the History of Watches
Some friends just commented about a video on Twitter where a watch guy basically described why real watches are real watches, and technology-based watches like the Apple Watch don’t qualify. You should take a moment to watch the video. I agree with many of his points, and I’ve recently consumed a number of similar opinions from similar people.…
Preparing to Release the OWASP IoT Top 10 2018 (Updated: Released)
[ UPDATE: The project is now live here. ] Please give your feedback on the list here. The OWASP Internet of Things Top 10 has not been updated since 2014, for a number of reasons. First of which was the fact that we released the new umbrella project that removed focus from the Top 10 format. This, in…
Humanity’s Ultimate Red Pill
Man can do what he wants, but he cannot will what he wills. Arthur Schopenhauer One of the most powerful concepts in the Matrix was the idea that people were separated into two groups: those who could only see the world as it appeared, and those who could see its true form. I am saying 5% because of…
How I Reduced My Spam Phone Calls by 90%
Many of the calls are actually in Mandarin, which I don’t speak. Over the last few months I’ve seen my spam phone calls go from around one a week to like ten a day, and it’s been infuriating. After a good bit of Googling, I ended up coming up with two solutions that reduced the problem by around…
Stop Trying to Violently Separate Privacy and Security
I just stumbled upon an article by Mark R. Heckman, Ph.D, CISSP, CISA that—like so many others in the industry—wildly contorts himself to make a distinction between security and privacy. He writes: I argued here why I don’t think this difference matters as much as people think. Without a clear understanding of the difference, data security and privacy…
Feedly Feature Request: Custom Long-press
This post will serve as a feature request for my preferred news reader—Feedly. The feature is called: Custom Long-press Custom Long-press pro Custom Long-press is a feature that allows users to assign an arbitrary function to the long-press action within Feedly. Examples might include sending to the Safari Reading List, Sharing on Buffer, etc. My current workflow for…
How Technology Increases Production Without the Need for Humans
Over the last several years I’ve been reading extraordinary amounts about the future of artificial intelligence, and how it’ll affect human work. I’ve written about this extensively here, so feel free to explore if you’re interested. Recently a reader reached out and pointed me to a video by Moshe Vardi of Rice University. The reader was himself a…
My Analysis of the Disconnect Between Sam Harris and Jordan Peterson
If you follow the work of either Jordan Peterson or Sam Harris you’ve no doubt seen them engage each other in various ways over the past year or so. Jordan has been on Sam’s podcast, which didn’t go well. They talk about each other to their respective audiences, and now they have a new video podcast series together…
Unsupervised Learning: No. 141
Subscribe here to get this in your inbox every week. Security News 😮 The governments of the “Five Eyes” (US, Australia, UK, Canada, and New Zealand) have asked the world’s largest tech companies to build encryption backdoors into their systems. But more than just asking, they also said, ”Should governments continue to encounter impediments to lawful access to information…
My Current Top 3 Intellectual & Creative Challenges
Just on a personal note, I want to capture three of my top projects right now: Learning and implementing machine learning. This includes getting a decent understanding of the math that goes into it, but not going too deep there. The primary focus is to be able to make real-world predictions for real-world problems. Making electronic music. Specifically…
Concise Argument and Evidence That Steven Pinker is Wrong About How Good Things Are
As I covered in this earlier piece, despite having massive respect for Steven Pinker, and loving his latest book, Englightenment Now, I think he’s very, very wrong about the current state of America. My opinion on this is best described as a feeling of increasing unease—which is an emotion—but I only arrived at that emotion after consuming a…
5 Things You Didn’t Know You Could do with Nmap
For those who have been in information security for a while, nmap is like a warm and familiar blanket. Except this blanket kicks ass. It is—without question—the most versatile portscanner ever. A lot of people know that. Read my masscan tutorial. What fewer people know, however, is that with NSE scripting functionality nmap can do things you wouldn’t expect from a portscanner.…
The Most Important Questions
I think it’d be a useful exercise to try to capture the most important questions in the world. Here’s an initial attempt: If we don’t have free will, how should we build a society in such a way that both accepts this truth yet doesn’t descend into nihilism or other negative philosophies?If we were designed by evolution, and…
The Future of Work is Everyone Running the “Work” App
Let me propose one potential future to you—a future where most everything is done through the gig economy. Here is roughly how that might take place. Companies get rid of many or most of their employees, and decide to go with short-term contracts instead. There is extraordinary data showing that 94% of job growth (jobs created vs. jobs…
The Future Belongs to Those With Grit
If you’re not imbuing your children and friends with grit—as a core part of their identity—they will soon be driving rich people around and bringing them food. Rich people who probably have grit themselves. Grit /’grit’/ noun A positive, non-cognitive trait based on an individual’s perseverance of effort combined with the passion for a particular long-term goal or…
Rewards Programs Are Another Way We Pay for Things With Our Data
There’s a famous, often-misattributed quote in the tech scene that says something like: If you’re not paying for a given service, then you’re not the customer—you’re the product.Many people, going back to the 70’s This is fairly well understood for services like Google and Facebook, where the service is basically free but the companies make most of their…
The Difference Between Deductive and Inductive Reasoning
Pretty much anyone who thinks about how to solve problems in a formal way has probably run across the concepts of deductive and inductive reasoning. As with all my tutorials, the purpose of this article is to explain the differences between these two approaches as clearly as possible. Both deduction and induction are often referred to as a…
A Chromium-based Command-line Alternative to Curl
If you’ve spent any time coding in InfoSec, you’ve probably used a ton of curl to pull websites, check them for various issues or attributes, etc. This will follow redirects and provide a non-curl User Agent. curl -LA 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5' reddit.com…
Companies Are Relaxing Their Degree Requirements to Find Top Talent
Glassdoor just compiled a list of top companies that are dropping college degree requirements. There are a couple of different ways of looking at this. One is to say that the job market is so hot—in favor of employees—that companies are relaxing standards just to get people in. Another way to see it is that the correlation between…
Unsupervised Learning: No. 139
Subscribe here to get this in your inbox every week. Security News TLS 1.3 is finalized and should start rolling out everywhere soon. Adoption is expected to be quick. Link Burp continues to impress with its massive campaign of improvements and blog posts describing them. They recently just talked about how they’re adding point-and-shoot scan functionality, where you…