A lot of people have questions about the concept of DNS Rebinding attacks, and many of the overviews dive too deep into the details. Here’s a simple explanation that should help those having trouble getting it. DNS Rebinding lets you send commands to systems behind a victim’s firewall, as long as they’ve somehow come to a domain you…
The Problem With Pinker’s Positivity
I recently finished Steven Pinker’s Enlightenment Now, which was remarkably well done. I particularly loved the later chapters on science and reason, which talked about how far these have brought our society, and how far they can continue to take us. In general, the book argued—similar to his previous work The Better Angels of Our Nature—that we should…
How to Become a Superforecaster
I just finished Steven Pinker’s latest book, Enlightenment Now, which turned out to be fantastic. I was frustrated in the first two-thirds of the book for reasons I won’t go into here (it seemed too positive while ignoring negatives), but the final several chapters were spectacular. Those chapters mostly focused on science and reason, and why they’re so…
The Difference Between Ex-Ante, Post Hoc, Ex Post, A Priori, and A Posteriori
If you do a lot of (good) reading you have probably run into a few highbrow, Latiney sounding phrases like those in the title of this post. I’m guessing you almost looked them up several times, but if you’re here you finally did. Well done. Here they are. Ex Ante means before the event, and is basically a…
The Evolution of the SOC and the CSIRT
We’re starting to see significant debate around the terms SOC vs. CSIRT, and which one companies should have. As with most such debates in tech—which is moving almost as fast as we can lock down definitions—the issue is largely one of semantics. To start, Wikipedia says a SOC is a centralized unit that deals with security issues on…
Why I Use a Single-screen iPhone Configuration
There are lots of ways to organize the apps on your phone. You can have lots of screens of single apps, or you can have lots of screens of app folders, or you can have something in-between. I do something simpler. I have one screen of apps, and everything else I have to invoke via the down-swipe. Not…
New Study Shows You Can Predict Credit Rating From Your Online Tech Fingerprint
For anyone who’s been worried that their online fingerprint was going to be used against them, this paper will provide them their vindication. Here’s how they describe the analysis: As a simple example, every website can effortlessly track whether a customer is using an iOS or an Android device; or track whether a customer comes to the website…
What The Code of Hammurabi Can Teach Us About Hardware and Software Liability
The Information Security community has been debating software reliability for decades. Some say software is too advanced to place guarantees on it. And others say that unless we hold creators/builders responsible, nothing will improve. Nassim Taleb’s Skin in the Game is what got me thinking about this topic. As it turns out, the most ancient law that we…
My Thoughts on America in June of 2018
I’ve been writing more defined and concise posts lately—usually clean ideas that have a beginning and an end. I like it, and I plan to keep doing it. But not today. Today I just need to write. Today this will be an old-school blog, or a journal. There are a lot of things happening in America right now.…
Tactical Advice for Clearing Depression
I have been drawn to questions of happiness and fulfillment for much of my adult life. I’m not sure the reason for that, but I think it’s a combination of some things in my family history, it being an extremely hard problem, and the fact that so many people I know are deeply unhappy. The suicide rate in…
Free Will’s Absurdist Paradox
Philosophers and scientists have been debating the concept of free will for centuries. While there are many nuances and subtleties, there are generally three main positions. Libertarian Free Will is the idea that we have a completely free will that is not significantly determined by our makeup or our surroundings. Basically, our choices are our own, and physics…
The Platform and Candidate That America Needs in 2020
America has been stumbling for quite some time due to its lack of adaptation to a changing world. The classes are separating again (as they always do when there’s no catastrophe), we’re about to lose even more jobs to automation and AI, and it’s becoming increasingly difficult for average Americans to afford basic items like rent, healthcare, education,…
Security and Privacy Are Not As Different As People Think
There’s a common belief in InfoSec circles that Security and Privacy are related, but that they’re different enough to constantly mention the distinction. I don’t think the difference should matter much to defenders much at all, and in fact if you look close enough the distinction nearly vanishes. They are simply different aspects of the unified goal of…
Examined But Absurd (A Poem)
How strange it is that we live this way Unable to know what next we’ll say We feel control that cannot be And sense a freedom we cannot see Some drive to push and conquer all And those who don’t deserve to fall But what’s deserve when no options exist For the poor are just those with luck…
The Most Exciting Features from the WWDC 2018 Keynote
This year’s WWDC Keynote was all about software, and it had updates for iOS, macOS, watchOS, and tvOS. Here were my favorites. iOS Share back in photos Siri shortcut integrations Shortcut editor Travel plans Heading home Screentime Time limits Allowances Memoji Personalized animoji Group FaceTime with up to 32 people Pivot directly from Messages to group FaceTime watchOS…
How to Have Amazon Polly’s AI Voice Read Your Newsletter as a Podcast
I’ve just published my first podcast episode (Episode 128) using Amazon Polly—Amazon’s AI-based text-to-speech engine. Listen to the episode here. It’s quite good—much better than the few others that I’ve tried. What I quite like about it for my podcast is that I can use SSML syntax to insert pauses at appropriate points. For example, I like a…
Unsupervised Learning: No. 128
This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter. This week’s topics: Pentagon background checks, China using machine learning in schools, Rusian ethnicity detecting AI, US Military presence in Africa, Atlanta lost dashcam footage, Kidnapping insurance, Technology News, Ideas, Recommendation, Aphorism, and more… Listen to this week’s Podcast Become…
Automated Situational Interpretation and Prediction (ASIP)
Any time you see us using cameras to feed a Machine Learning algorithm, I think we’ll start calling that Machine Learning Vision, and, eventually, Computer Vision. The key point is that computers can parse video (and other sensor data) and figure out things that even humans cannot. The combination of audio, video, heat, other types of EM waves,…
I’m Not (Overly) Concerned About Smart Speaker Security, And You Shouldn’t Be Either
I have a 1,001 friends in InfoSec who I hear things like this from on a regular basis: I’d never put one of those things in MY house! I’m in security! They’re going to find flaws in those things, you wait and see! Then when something happens, like a private conversation being sent to a random person, they…
Economic Inequality is the Norm, Not the Exception
I read and think a lot about technology, automation and how it will impact humanity. One of the most important dynamics there is the potential for technology to increase income inequality, and for automation to take jobs from those who need them most. For some reason—perhaps my being born and raised in the San Francisco Bay Area—I have…
The Single Reason Harry Potter is Better Than the Marvel MCU
I’ve been having a heated discussion with a friend about why I can only take Marvel movies so seriously, and why it’s objectively lower quality entertainment than Harry Potter. There are spoilers below for Harry Potter, Infinity War, Deadpool 2, and The Bible. The answer is death. Humans, as a rule, don’t value that which they cannot lose,…
Security Report Analysis: 2018 DBIR Report
In this Security Report Analysis (SRA) series I look at various security reports and pull out the main points. This doesn’t replace a complete and detailed read of these reports, but it exposes you to some of the key takeaways that you might not otherwise have seen. REPORT: The 2018 DBIR Report Key points These points are a…
The Waking Up Podcast: Sam Harris vs. Sean Carroll on Free Will
Sam Harris recently had Sean Carroll on his Waking Up podcast, and to my delight they arrived pretty quickly at the free will topic. You can read more of my free will content here. Carroll is both a physicist and a compatibilist, which was both surprising and exciting. It was surprising because I naturally expect hard science types…
John Gruber Wrong About the Duplex Demo
John Gruber of Daring Fireball took a big shot at Google Duplex recently. He basically said that the way the demo was conducted should make us doubt the legitimacy of the tech. Why not demo it live? Why only play recordings? When is it rolling out to actual customers? Was there a hands-on after the event where members…
The Future of Content Destroys the Middleman
I think the content creation ecosystem—especially around blogging—will be ultimately disrupted by the rise of three interlocking componets: Digital Assistants APIs Customized interfaces Google Duplex just gave us a preview of how natural it’ll soon be to interact with assistants. This is currently quite different. There is no Digital Assistant yet, and content and interface are currently merged…
America is Rotting
We in the West are in the beginning—or perhaps the middle of—a catastrophic crisis of meaning. Many of us sense it. We know it’s happening. But it’s hard to corner and identify. And it’s even more difficult when authors like Steven Pinker use all of their intellectual powers to convince us that things are in fact getting better.…
Thoughts on Podcast vs. Newsletter Content
I’m thinking of stopping my regular podcast and only doing my weekly update in Newsletter form. There are a number of reasons. Far more people consume the newsletter. The podcast is actually just the newsletter content (sometimes with some opinion added). The newsletter is hard enough to get out, let alone having enough energy on Sunday to record…
If You’re Not Doing Continuous Asset Management You’re Not Doing Security
The more a company can tell me about their assets the better their security is, and the more comprehensive and realtime the inventory is, the more mature they are. This has been true for me over 15 years of consulting across hundreds of organizations. Click here to listen to the audio version of this essay. But just try—either…
Announcing the Launch of HELIOS
For a number of years I’ve been waiting to launch a project of mine called HELIOS. HELIOS actively monitors a company’s external attack surface in near-realtime and notifies you when it finds anything dangerous. I’m super excited about it, and I think it’s going to help a lot of companies. Ping me with any questions! [ HELIOS: Know…
Facebook’s Failure is a Reflection of American Ignorance
Facebook didn’t fail anyone. We failed ourselves. Sure, they could have been a bit more careful with some settings, but it’s not like they accidentally shared data with a third party. The way Cambridge Analytica accessed the data was completely authorized—it was just what they did with the data that was bad. Facebook’s entire business model is sharing…
My Postmortem Summary of The Sam Harris & Ezra Klein Podcast
If you’re a fan of Sam Harris or Ezra Klein you know that they’ve been engaged in a year-long online skirmish that recently culminated in a direct face-off in the format of a podcast. Listening to the podcast first would be helpful, but not necessary, to appreciate this analysis. I’ve been waiting to hear this interaction finally play…
Unsupervised Learning: No. 120
This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter. This week’s topics: It’s 2 billion users now, Liinux beep, Digital Shadows finds fail files, cloud misconfiguration, AlterEgo, AI applications, Alexa sending payments, Tech, Ideas, Recommendation, Aphorism, and more… Listen to this week’s Podcast Become a Member to Get This…
Online Education May Be Poised to Replace Dying Universities
Higher education is in the middle of an elaborate suicide ritual. It’s implements are: skyrocketing costs to students financial failure outdated content (often by decades) an academic infrastructure that seeks tenure rather than excellence an extreme-left attack on freedom of speech These are all combining to put traditional universities at risk. It’s hard impossible to predict the future,…
The Definition of Security is “Without Worry”
A lot of people in Information Security think security means “stopping bad things from happening”. It’s understandable, given that we’ve been practicing it that way for decades now. Basically, security has been synonymous with prevention for as long as most can remember, and that’s the way the entire industry is configured and oriented. But there’s another, far deeper…
Unsupervised Learning: No. 119
This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter. This week’s topics: Atlanta disabled, MyFitnessPal hacked, Cambridge Analytica election tampering, Drupal, Saks, DARPA drones, Cloudflare 1.1.1.1, Slack bosses, Democratic Chinese AIs, Georgia facepalm, tech, humans, ideas, and more… Listen to this week’s Podcast Read this week’s Newsletter
Why I Switched from Patreon to Memberful
Like many people I’ve been soured on ads and sponsors for my podcast and newsletter: Unsupervised Learning. If you hav a decent following it’s actually possible to make a significant living off of both sponsors and ads—and especially sponsors. At one point I was getting a couple thousand a month from just a couple of sponsors, and I…
DevOps as the Art and Science of Deliberate Practice
The best definition I’ve ever heard for DevOps is the ability to practice frequently and well. I prefer DevOps to DevSecOps because I feel security should be part of both development and operations, but I also see the merit in calling it out where this isn’t regular practice. I think there is a powerful analog here to professional…
Analysis of the 2018 F5 Threat Intel Report
F5 just released a threat intel report that covered 433 breach cases spanning 12 years, 37 industries, and 27 countries. When companies release reports like these I go through them and extract nuggets for those who don’t have time to look at the full report. You will find the extraction for this report below. Applications were the initial…
Learn the Difference Between Real and Fake Machine Learning
There are few technologies as misunderstood right now as Machine Learning. Some think it’s 100% hype, sales, and marketing, and others think it’s humanity’s Messiah in the form of math and code. Unfortunately, there’s currently not a lot of space between those two extremes. Here’s how I think about it. Machine Learning is much like Love and Sex.…
Unsupervised Learning: No. 116
This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter. This week’s topics: Chinese at CanSecWest, Applebees POS, Palantir, Poisoning, TensorFlow DoD, Amazon laughing, Google 72-qbits, Amazon FinTech, Android P, and more… Listen to this week’s Podcast Become a Member to Get This Week’s Newsletter
The Two Kinds of Privacy Loss
I like to think about our impending loss of privacy as two separate issues. The first type is against the will of the victim and is caused by malice and/or negligence on the part of the entity with your data. This is where you trust your data to a company, and they sell that data to a number…
How to Download the Data Facebook Has on You
People are becoming increasingly worried about the data that Facebook and other social media sites have on them. Luckily, the platforms make it fairly easy to download that data to see for yourself. For Facebook, here’s the process. 1. Go to any Facebook page and hit the down arrow in the corner. 3. Click “Download a Copy of…
Why Software Remains Insecure
There are myriad theories as to why software remains insecure after we’ve spend decades trying to solve the problem. Common reasons include: the lack of will to secure things the lack of vendor liability the use of insecure languages insufficient developer training not enough security products not enough security professionals etc… But there’s a far simpler and more…
Success in Life is Determined Most by Parental Culture, Not the Quality of Schools
I think one of the least know truths in liberal circles is that family culture determines educational and financial success far more than school quality. I was born and raised in the San Francisco Bay Area, and we’ve been raised to believe that good schools have lots of resources—like new textbooks, better teachers, etc.—and that students in poor…
Unsupervised Learning: No. 115
This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter. This week’s topics: GitHub DDoS, Celebrite Attacks, AI warnings, Palantir in New Orleans, Grub Backspace, 4G attacks, Space Corps, Amazon wins Defense Department deal, tech news, human news, discovery, notes, recommendation, aphorism, and more… Listen to this week’s Podcast Read…
When Companies Stop Caring About Data Loss, Risk Will Be Resilience-based and Focused on Business Disruption and Human Safety
In 2013, I looked briefly at how being hacked affects a company’s stock price. More people are looking at this now, and the evidence seems to show that there is often a major dip, but after 6 to 12 months it’s hard to even notice it happened. I’ve been worried for a long time that we’re getting Breach…
Safe Schools Are the New Luxury Item Because Now Only the Rich Have Stable and Present Families
We just saw another school shooting—this time in Parkland, Florida. The shooter was some kind of foster kid with serious hate in his heart, obviously. The foster parents were devastated, and evidently tried to give him love, but the damage seems to have been too great. He had a history of violence problems, a fascination with guns and…
Unsupervised Learning: No. 113
This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter. This week’s topics: Parkland tampering, Avoid Huawei, Bongo S3, Facebook 2FA Spam, Android Cryptojacking, Spyware Hacking, Password Dating, Technology News, Human News, Trends, Ideas & Analysis, Data & Statistics, Discovery, Recommendations, Aphorism, and more… Listen to this week’s Podcast Read…
Expect Deep Learning to be Used By Schools to Predict Violence
Get ready for Palantir-style, AI-based violence prediction on school campuses. There are far too many situations where it happens and basically everyone knew that person would be the perpetrator. This should be used for social work as well, but the more people who get to use it the more people get the data. If the perpetrator is often…
Information Security Professionals Cannot Be Luddites
I'm starting to realize that many infosec people are luddites rather than technologists.Not a good look for us.We need to be the shepherds, not the crazy people belting out scripture at people on the street.— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler) February 18, 2018 I just posted this on Twitter after being frustrated again by how a lot of my fellow…
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 43
- Next Page »