Daniel Miessler

Unsupervised Learning No. 247

News & Analysis
September 21, 2020

I spend 5-20 hours a week consuming books, articles, and podcasts that explore the intersection of security, technology, and society. Then every Monday morning I send out the best of what I found.  STANDARD EDITION | EP. 247 | September 21, 2020

MY ESSAYS

No, Moving Your SSH Port Isn't Security by Obscurity More

I've Been Too Sloppy in the Past More

SECURITY NEWS

A TikTok deal has evidently been approved in the US, with the contract going to Oracle and Walmart right before the app was set to be banned. The contract supposedly includes the standing up of a new company called TikTok Global, which both companies will have a combined 20% share of. The deal includes both US hosting and access to TikTok's source code, but given how fast this happened, and how close to the deadline, I expect a lot to change in the next few days. More

A (likely-Maze-based) ransomware attack on a hospital in Germany has lead to the death of woman. She tried to get immediate help at a hospital that was currently disabled due to ransomware, and she had to go to another hospital about an hour away. She never made it. More

An anti-China activist leaked a Chinese database full of personal data from tens of thousands of VIPs from around the world. The total list was around 2.4 million people, which included politicians, royalty, etc. The database was created by a Chinese company called Zhenhua Data, and seems to be exactly what I wrote about here, where I postulated that China is probably building a massive Leverage CRM for the future. Basically, gather as much information as you can, about everyone, including kids, so that you can use that data as leverage years or decades in the future. More

Six people selling products on Amazon have been indicted for bribing Amazon employees to help them gain an unfair advantage. This included bribing them to do things like reinstate their banned accounts, or banning rival accounts. They were able to earn one-hundred million dollars using these techniques. More

Congress has passed a bipartisan IoT Security Bill that will require (if it becomes law) that all devices acquired by Federal agencies comply with a new set of NIST security standards for IoT. More

Credit card fraud has risen 104% in the last quarter according to the FTC. More

Vulnerabilities:

  • There's a wicked vulnerability in Microsoft Netlogon (445 TCP or a Random RPC port) that gives an attacker instant Domain Admin. Patch immediately. More

  • There's a vulnerability in Bluetooth affecting billions of devices. More

  • The ZDI September Security Update Review More

Ransomware:

  • Ransomware lead to the death of a woman in Germany because she needed immediate help and had to go to a further hospital and never made it. More

APT:

  • The US has imposed sanctions on an Iran-based APT39, which is known for targeting dissidents, journalists as well as global enterprises. More

TECHNOLOGY NEWS

Anime avatars are getting big on Twitch and YouTube. It's where you're basically looking at a video stream of a cartoon character, but it's being controlled by a real person, in real-time. The technology is just now getting really good, but I think this is going to open the doors for millions more streamers who didn't want to stream live because of their voice or their appearance. They will be able to emote as themselves, or as a character, and have people see them as they wish they were. More

Amazon is hiring another 100,000 employees in the US and Canada. More

It looks like Zoom might be coming after Slack with new messaging features. More

Facebook is introducing a new feature where you can watch videos together, called Watch Together. More

Elon Musk has almost completed his tunnel under Las Vegas that will transport self-driving cars. More

Starting on October 1st, all new repos on Github will be called "main" instead of "master". More

The X-1 credit card gives you a limit based on your income, not your credit. More

Companies:

  • Snowflake just had the largest software IPO in history, at $3.4 billion dollars. More

  • Affirm just raised a $500 million dollar series G to help their 'buy now pay later' business. More

  • Tonal has raised another $110 million to continue doing connected home fitness. More

  • Observe.ai has raised $54 million to analyze call center conversations. More

  • RapidAI has raised $25 million to analyze medical scans using AI. More

SOCIETY NEWS

Another doctor and a fairly large study has found that Vitamin D can significantly help against Coronavirus. As I've said before here, I think the science is still early on COVID, but it looks like getting your D-levels to the high-normal range is probably a really good idea. Again, normal ranges. Don't go crazy with it. The problem seems to be a deficiency in D, not a need for super-high levels. More

Spiking gun sales are overwhelming our background check infrastructure. More

Israel is doing another lockdown because their cases are spiking. More

The study of Ancient DNA (it's a whole field now) has revealed that Vikings weren't all Scandanavians with blonde hair. There was significant mixing with groups from Asia and Southern Europe. More

Scientists figured out how to create a disassociation, Ketamine-like effect using brain waves instead of drugs. More

IDEAS, TRENDS, & ANALYSIS

Ransomware is the New PCI, and both seem more effective than anything else we've tried at getting people to take security seriously. More

UPDATES

My friend John Japuntich just released his new novel, ATROPOS, on Amazon, and it's currently sitting at #44 in new hard Sci-fi!. I'm going to read it first, and if it's great I might recommend it for our book club. More

I've been doing a bunch of work on the site lately, basically making it look more like a modern website and less like a blog. Whatever that means.

DISCOVERY

The Ultimate Guide to FFUF, by my friend Codingo. More

Generative Bad Handwriting More

A brilliant and hilarious walkthrough of someone finding Tony Abbott's passport number using a discarded airplane ticket. More

How to send files using nothing but SSH, Tee, and Base64 More

How the Air Quality Index Works More

I am loving these one-liner bug-bounty tips on Twitter. More

Mental Models More

Marc Andreessen on Productivity, Scheduling, Reading Habits, Work, and More More

Hash.ai — Build multi-agent simulations in minutes. More

Darkshot — A multi-threaded screenshot scraper. More

Onefuzz — A self-hosted Fuzzing-as-a-Service Platform More

RECOMMENDATIONS

You should watch—and get your loved ones to watch—The Social Dilemma. It's a documentary about how social media is attacking our mental health and our democracy. Extremely well done. More

APHORISMS

"Simplicity is the extreme degree of sophistication."

~ Leonardo da Vinci