MEMBER EDITION | Episode 298 | Monday: September 13, 2021
SECURITY NEWS
Yandex repelled a DDoS attack of 22 million requests per second, which they said was the largest in history. The botnet that launched it is called Meris, and it also hit KrebsOnSecurity. More >
Attackers leaked 500,000 Fortinet VPN accounts. More >
The LAPD, as well as other police departments, are starting to collect social media aliases as part of the interview process. Many people ask about aliases already, which are like nicknames that people might go by, but this opens the door to social media surveillance in the future. It's one of those things that seems fairly benign but could be troubling if abused. More >
Content creators in Kenya are being paid to spread disinformation about journalists and activists. It's a strange world where powerful governments and individuals might not have to spend millions to change public perception. Maybe in the future it becomes paying off the right group of TikTok people, or finding other ways to be in their favor. Like do governments and intelligence organizations have lists of influencers that they're treating like government officials at this point? Connecting, angling, and grooming? More >
It appears REvil is back up and running, and is targeting new victims. More >
ProtonMail deleted the text from their site that said "we don't log your IP", and everyone is giving them grief. I don't blame them. I blame people who believe they could do what they thought they were doing. They're a technology company. They have lots and lots of customers, many of which are probably doing shady stuff. If you choose to house your email there, you should absolutely expect to take law enforcement scrutiny shrapnel from the activities of your fellow customers. If you don't want the chance of the police busting into your nice Italian dinner, don't eat at the mob's favorite restaurant. Cook at home. More >
Germany says Russia's Ghostwriter group is attempting to use cyber to interfere in its upcoming elections. More >
Vulnerabilities
Incidents:
Howard University had to shut down its network after a ransomware attack. More >
Companies:
Snyk raises $300 million to do open source security scanning. More >
TECHNOLOGY NEWS
Facebook partnered with Ray-Ban to launch a pair of glasses, but given Zuckerberg's focus on AR they are quite underwhelming. They're essentially regular Ray-Bans, but with the ability to take pictures and video and send that footage to a new Facebook app. There's no VR aspect whatsoever. So it's like all of the privacy violation with none of the AR benefit. Unless they really surprise in the camera quality or usage category, I don't see people replacing the good ol' "pull out your phone" move, especially when you consider the discomfort people will have when talking to you while you're wearing them. More >
Starting in January of 2022, Amazon is going to pay for college for all of its 750,000 US-based frontline workers. This is how the corporations take over—like the terrorists actually—by providing core services that the government wasn't providing. I'm not saying this is bad, by the way. I think it's fantastic. But it's another sign of corporate ascension when they're doing more to educate US workers than the federal government. More >
Google's getting a dark mode for its front page. I think that's cool because it's a lot fewer pixels sending light into the world, but I'm also wondering what percentage of people go to the page vs. just searching from the URL bar of their browser. I've not gone to Google's front page in over a decade. More >
Retail is about to outspend banking in AI investment. Inventory management, personalization in search and shopping, and many other use cases are driving the push. More >
Whole Foods is about to get the cashierless "just walk out" technology that started with small Amazon-branded stores. But don't worry, the cashiers will just become coders. More >
Amazon is now in the TV business, releasing its own actual TV hardware. They have hands-free Alexa and are priced at around $400 and up. More >
Companies:
Mastercard has purchased CipherTrace to help it deal with security and fraud threats in the crypto space. More >
HUMAN NEWS
New studies out of the CDC say the unvaccinated are 5X more likely to catch Delta, and 11X more likely to die. Those numbers seem low. I would expect your chance of getting it if vaccinated to be far lower than just 5X reduced. But maybe that's just how potent Delta is. I guess it's just a reminder to behave largely as if you're not vaccinated. More >
MDMA opens child-like "critical periods" in mice brains that promote mental healing. It seems this might be closely related to why it pairs so well with cognitive behavioral therapy. More >
The Pirate Bay of science papers has added 2 million new studies. More >
According to SIFMA, the US National Debt hit 28.1 trillion on March 31, 2021. Foreign governments hold around 1/3 of the public debt, and the US's banks and individuals own the other 2/3. Japan and China have about $1 trillion of our debt apiece. More >
Andrew Yang is launching a third party along with his new book in October. I'll be reading the book and following the effort's progress. Although I have to confess I'm not optimistic on the third party front. More >
CONTENT, IDEAS & ANALYSIS
Thoughts on the OWASP Top 10 for 2021 — My initial thoughts on this year's flagship OWASP release. More >
Amazon is Capitalism — How I think of Amazon and its success amid its competitors. More >
A Solution to the Ship of Theseus — My solution to the changing object thought experiment. More >
A Different Kind of Work-from-Home — There are companies that will help you make money off of the stuff you already own. More >
Risk vs. Process Tolerance — As you scale, you add people with tolerance for different things. More >
NOTES
I just finished the 9th book in the Cradle series, and am now starting the UL Book Club book of the month, which is Mastermind. I'm also reading The Big Picture, by Sean Carroll. Recently finished books include one on climate called Unsettled, which didn't annoy me as much as I thought it would, and Four Thousand Weeks, which I thought was a time management book, but ended up being more like a Time Management Philosophy book.
I'm surprisingly excited by the trailer for the new Matrix. More >
I'll be watching the Apple event Tuesday morning. I'm keen to see the new watch, and to hear if they address the CSAM controversy directly. I'm betting they do.
DISCOVERY
A fascinating blog post on Open Redirect vulnerabilities. More >
Mistakes I've Made Using AWS More >
Amazon's combination of tech surveillance and metrics to get more out of workers deserves its own name: Bezosism. More >
htmlq — A tool like jq, but for HTML. More >
RECOMMENDATIONS
If you are a leader or know someone trying to become one, The Dichotomy of Leadership should be at the top of the reading list. Skip the first one they wrote together. This is the book that should have been. The reason it's so powerful is because it talks about various spectrums that need to be balanced for different situations, rather than prescribing one particular approach. It's easily the best leadership book I've ever read. More >
APHORISMS
"Silence is worse; all truths that are kept silent become poisonous."
~ Nietzsche