MEMBER EDITION | Episode 298 | Monday: September 13, 2021
SECURITY NEWS
Yandex repelled a DDoS attack of 22 million requests per second, which they said was the largest in history. The botnet that launched it is called Meris, and it also hit KrebsOnSecurity. More
Attackers leaked 500,000 Fortinet VPN accounts. More
The LAPD, as well as other police departments, are starting to collect social media aliases as part of the interview process. Many people ask about aliases already, which are like nicknames that people might go by, but this opens the door to social media surveillance in the future. It's one of those things that seems fairly benign but could be troubling if abused. More
Content creators in Kenya are being paid to spread disinformation about journalists and activists. It's a strange world where powerful governments and individuals might not have to spend millions to change public perception. Maybe in the future it becomes paying off the right group of TikTok people, or finding other way to be in their favor. Like do governments and intelligence organizations have lists of influencers that they're treating like government officials at this point? Connecting, angling, and grooming? More
It appears REvil is back up and running, and is targeting new victims. More
ProtonMail deleted the text from their site that said "we don't log your IP", and everyone is giving them grief. I don't blame them. I blame people who believe they could do what they thought they were doing. They're a technology company. They have lots and lots of customers, many of which are probably doing shady stuff. If you choose to house your email there, you should absolutely expect to take law enforcement scrutiny shrapnel from the activities of your fellow customers. If you don't want the chance of the police busting into your nice Italian dinner, don't eat at the mob's favorite restaurant. Cook at home. More
Germany says Russia's Ghoswriter group is attempting to use cyber to interfere in its upcoming elections. More
Vulnerabilities
Incidents:
Howard University had to shut down its network after a ransomware attack. More
Companies:
Snyk raises $300 million to do open source security scanning. More
TECHNOLOGY NEWS
Facebook partnered with Ray-Ban to launch a pair of glasses, but given Zuckerberg's focus on AR they are quite underwealming. They're essentially regular Ray-Bans, but with the ability to take pictures and video and send that footage to a new Facebook app. There's no VR aspect whatsoever. So it's like all of the privacy violation with none of the AR benefit. Unless they really surprise in the camera quality or usage category, I don't see people replacing the good-ol "pull out your phone" move, especially when you consider the discomfort people will have when talking to you while you're wearing them. More
Starting in January of 2022, Amazon is going to pay for college for all of its 750,000 US-based frontline workers. This is how the corporations take over—like the terrorists actually—by providing core services that the government wasn't providing. I'm not saying this is bad, by the way. I think it's fantastic. But it's another sign of corporate ascension when they're doing more to educate US workers than the federal government. More
Google's getting a dark mode for its front page. I think that's cool because it's a lot fewer pixels sending light into the world, but I'm also wondering what percentage of people go to the page vs. just searching from the URL bar of their browser. I've not gone to Google's front page in over a decade. More
Retail is about to outspend banking in AI investment. Inventory management, personalization in search and shopping, and many other use cases are driving the push. More
Whole Foods is about to get the cashierless "just walk out" technology that started with small Amazon-branded stores. But don't worry, the cashiers will just become coders. More
Amazon is now in the TV business, releasing its own actual TV hardware. They have hands-free Alexa and are priced at around $400 and up. More
Companies:
Mastercard has purchased CipherTrace to help it deal with security and fraud threats in the crypto space. More
HUMAN NEWS
New studies out of the CDC say the unvaccinated are 5X more likely to catch Delta, and 11X more likely to die. Those numbers seem low. I would expect your chance of getting it if vaccinated to be far lower than just 5X reduced. But maybe that's just how potent Delta is. I guess it's just a reminder to behave largely as if you're not vaccinated. More
MDMA opens child-like "critical periods" in mice brains that promote mental healing. It seems this might be closely related to why it pairs so well with cognitive behavioral therapy. More
The Pirate Bay of science papers has added 2 million new studies. More
According to SIFMA, the US National Debt hit 28.1 trillion on March 31, 2021. Foreign governments hold around 1/3 of the public debt, and the US's banks and individuals own the other 2/3. Japan and China have about $1 trillion of our debt apiece. More
Andrew Yang is launching a third party along with his new book in October. I'll be reading the book and following the effort's progress. Although I have to confess I'm not optimistic on the third party front. More
CONTENT, IDEAS & ANALYSIS
Thoughts on the OWASP Top 10 for 2021 — My initial thoughts on this year's flagship OWASP release. More
Amazon is Capitalism — How I think of Amazon and its success amid its competitors. More
A Solution to the Ship of Theseus — My solution to the changing object thought experiment. More
A Different Kind of Work-from-Home — There are companies that will help you make money off of the stuff you already own. More
Risk vs. Process Tolerance — As you scale, you add people with tolerance for different things. More
NOTES
I just finished the 9th book in the Cradle series, and am now starting the UL Book Club book of the month, which is Mastermind. I'm also reading The Big Picture, by Sean Carroll. Recently finished include a book on climate called Unsettled, which didn't annoy me as much as I thought it would. And Fourth Thousand Weeks, which I thought was a time management book, but ended up being more like a Time Management Philosophy book.
I'm surprisingly excited by the trailer for the new Matrix. More
I'll be watching the Apple event Tuesday morning. I'm keen to see the new watch, and to hear if they address the CSAM controversy directly. I'm betting they do.
DISCOVERY
A fascinating blog post on Open Redirect vulnerabilities. More
Mistakes I've Made Using AWS More
Amazon's combination of tech surveillance and metrics to get more out of workers deserves its own name: Bezosim More
htmlq — A tool like jq, but for HTML. More
RECOMMENDATIONS
If you are a leader or know someone trying to become one, The Dichotomy of Leadership should be at the top of the list for books to read. Skip the first one they wrote together. This is the book that should have been. The reason it's so powerful is because it talks about various spectrums that need to be balanced for different situations, rather than prescribing one particular approach. It's easily the best leadership book I've ever read. More
APHORISMS
"Silence is worse; all truths that are kept silent become poisonous."
~ Nietzche