I spend 5-20 hours a week reading articles and listening to podcasts that explore the intersection of security, technology, and society. Then every Monday morning I send out the best of what I found.
STANDARD EDITION | EP. 247 | September 21, 2020
MY ESSAYS
No, Moving Your SSH Port Isn't Security by Obscurity More >
I've Been Too Sloppy in the Past More >
SECURITY NEWS
A TikTok deal has evidently been approved in the US, with the contract going to Oracle and Walmart right before the app was set to be banned. The deal supposedly includes standing up a new company called TikTok Global, of which the two companies will hold a combined 20% share. It also includes US hosting and access to TikTok's source code, but given how fast this happened, and how close to the deadline, I expect a lot to change in the next few days. More >
A (likely Maze-based) ransomware attack on a hospital in Germany has led to the death of a woman. She sought emergency care at a hospital whose systems were disabled by the ransomware at the time, and she had to be taken to another hospital about an hour away. She never made it. More >
An anti-China activist leaked a Chinese database full of personal data on tens of thousands of VIPs from around the world. The total list was around 2.4 million people, including politicians, royalty, etc. The database was created by a Chinese company called Zhenhua Data, and seems to be exactly what I wrote about here, where I postulated that China is probably building a massive Leverage CRM for the future. Basically, gather as much information as you can, about everyone, including kids, so that you can use that data as leverage years or decades in the future. More >
Six people selling products on Amazon have been indicted for bribing Amazon employees to help them gain an unfair advantage. This included bribing them to do things like reinstate banned accounts or ban rival accounts. They were able to earn $100 million using these techniques. More >
Congress has passed a bipartisan IoT Security Bill that will require (if it becomes law) that all devices acquired by Federal agencies comply with a new set of NIST security standards for IoT. More >
Credit card fraud has risen 104% in the last quarter according to the FTC. More >
Vulnerabilities:
There's a wicked vulnerability in Microsoft Netlogon (CVE-2020-1472, "Zerologon"; the service is reachable over SMB on TCP 445 or on a dynamic RPC port) that gives an unauthenticated attacker with network access to a domain controller instant Domain Admin. The fix shipped in the August 2020 updates, so patch every domain controller immediately. A patched DC also logs event IDs 5827-5831 for clients that still connect using the vulnerable unsigned secure-channel mode, which is how you find the stragglers that will break when Microsoft switches to enforcement mode. More >
There's a vulnerability in Bluetooth affecting billions of devices. More >
The ZDI September Security Update Review More >
Ransomware:
Ransomware led to the death of a woman in Germany because she needed immediate help, had to be taken to a hospital farther away, and never made it. More >
APT:
The US has imposed sanctions on the Iran-based group APT39, which is known for targeting dissidents and journalists as well as global enterprises. More >
TECHNOLOGY NEWS
Anime avatars are getting big on Twitch and YouTube. It's where you're basically looking at a video stream of a cartoon character, but it's being controlled by a real person, in real-time. The technology is just now getting really good, but I think this is going to open the doors for millions more streamers who didn't want to stream live because of their voice or their appearance. They will be able to emote as themselves, or as a character, and have people see them as they wish they were. More >
Amazon is hiring another 100,000 employees in the US and Canada. More >
It looks like Zoom might be coming after Slack with new messaging features. More >
Facebook is introducing a new feature where you can watch videos together, called Watch Together. More >
Elon Musk has almost completed his tunnel under Las Vegas that will transport self-driving cars. More >
Starting on October 1st, the default branch of all new repos on GitHub will be named "main" instead of "master". More >
The X-1 credit card gives you a limit based on your income, not your credit. More >
Companies:
Snowflake just had the largest software IPO in history, raising $3.4 billion. More >
Affirm just raised a $500 million Series G to grow its 'buy now, pay later' business. More >
Tonal has raised another $110 million to continue doing connected home fitness. More >
Observe.ai has raised $54 million to analyze call center conversations. More >
RapidAI has raised $25 million to analyze medical scans using AI. More >
SOCIETY NEWS
Another doctor and a fairly large study have found that Vitamin D can significantly help against Coronavirus. As I've said before here, I think the science is still early on COVID, but it looks like getting your D levels to the high-normal range is probably a really good idea. Again, normal ranges. Don't go crazy with it. The problem seems to be a deficiency in D, not a need for super-high levels. More >
Spiking gun sales are overwhelming our background check infrastructure. More >
Israel is doing another lockdown because their cases are spiking. More >
The study of ancient DNA (it's a whole field now) has revealed that Vikings weren't all Scandinavians with blonde hair. There was significant mixing with groups from Asia and Southern Europe. More >
Scientists figured out how to create a ketamine-like dissociative effect using brain waves instead of drugs. More >
IDEAS, TRENDS, & ANALYSIS
Ransomware is the New PCI, and both seem more effective than anything else we've tried at getting people to take security seriously. More >
UPDATES
My friend John Japuntich just released his new novel, ATROPOS, on Amazon, and it's currently sitting at #44 in new hard sci-fi! I'm going to read it first, and if it's great I might recommend it for our book club. More >
I've been doing a bunch of work on the site lately, basically making it look more like a modern website and less like a blog. Whatever that means.
DISCOVERY
The Ultimate Guide to FFUF, by my friend Codingo. More >
Generative Bad Handwriting More >
A brilliant and hilarious walkthrough of someone finding Tony Abbott's passport number using a boarding pass he had posted online. More >
How to send files using nothing but SSH, Tee, and Base64 More >
How the Air Quality Index Works More >
I am loving these one-liner bug-bounty tips on Twitter. More >
Mental Models More >
Marc Andreessen on Productivity, Scheduling, Reading Habits, Work, and More More >
Hash.ai — Build multi-agent simulations in minutes. More >
Darkshot — A multi-threaded screenshot scraper. More >
Onefuzz — A self-hosted Fuzzing-as-a-Service Platform More >
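The ssh, tee and base64 trick from the link above, as an added shell example that is not taken from the linked post: encode the file locally, stream it through ssh's stdin, decode and write it with tee on the far side (tee, unlike a redirect, also works behind sudo for root-owned paths), then compare a SHA-256 computed on each end so a truncated or mangled transfer is caught. The host name in the usage comment is hypothetical, and sha256sum (GNU coreutils) is assumed on both ends; the self-test uses a constructed file and the local shell as the transport so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the linked guide: copy a file to a remote host
# using only ssh on this side and base64 + tee on the far side (useful when
# scp/sftp are disabled), then prove the copy is byte-for-byte identical.
set -eu

# send_file_b64 SRC DEST TRANSPORT...
#   SRC        local file to send
#   DEST       path to write on the far side (must not contain single quotes)
#   TRANSPORT  command that runs a shell there, e.g. "ssh deploy@bastion";
#              for an offline dry-run pass "sh -c" and everything runs locally
# Returns 0 only if the far-side SHA-256 matches the local one.
send_file_b64() {
  src=$1; dest=$2; shift 2
  local_sum=$(sha256sum < "$src" | cut -d' ' -f1)
  # base64 turns arbitrary bytes into line-wrapped ASCII that survives any
  # terminal; "base64 -d" on the far side tolerates the line breaks.
  # Swap "tee" for "sudo tee" when DEST is root-owned.
  remote_sum=$(base64 < "$src" | "$@" \
    "base64 -d | tee '$dest' >/dev/null && sha256sum < '$dest' | cut -d' ' -f1")
  [ "$local_sum" = "$remote_sum" ]
}

# Real usage (hypothetical host):
#   send_file_b64 ./authorized_keys /home/deploy/.ssh/authorized_keys ssh deploy@bastion.example
# Offline dry-run: constructed input with non-printable bytes, local shell as transport.
selftest() {
  d=$(mktemp -d)
  printf 'id: 42\nsecret: \001\002\003\n' > "$d/in"   # constructed sample file
  send_file_b64 "$d/in" "$d/out" sh -c
  cmp -s "$d/in" "$d/out"
  rm -rf "$d"
}
```

Because the remote side is just a shell string, the same function works through a jump host ("ssh -J bastion target") or any other command that hands its stdin to a remote shell; the checksum comparison is what makes it safe to use for things like authorized_keys, where a silently truncated file would lock you out.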
RECOMMENDATIONS
You should watch—and get your loved ones to watch—The Social Dilemma. It's a documentary about how social media is attacking our mental health and our democracy. Extremely well done. More >
APHORISMS
"Simplicity is the extreme degree of sophistication."
~ Leonardo da Vinci