Daniel Miessler

Unsupervised Learning: No. 228

News & Analysis
May 11, 2020
#ai #reading #business #culture #cybersecurity #future #nationalsecurity #productivity #society #technology #writing

MEMBER EDITION | EP. 228 | May 11, 2020

THIS WEEK’S TOPICS: Thunderbolt Attack, Celebrity Ransomware, ClearView Government, Blackhat DEFCON Virtual, War Thunder, 5G Bio Attacks, PC Game Cheating, Zoom Keybase, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

 

SECURITY NEWS

There's a new physical (evil maid) attack against Windows and Linux systems that lets an attacker bypass the lock screen for a system in under 5 minutes. The research will be shown at this year's BlackHat conference, which—along with DEFCON—is now virtual. More

A major ransomware attack has been launched against a private legal firm that does work for top TV and movie celebrities, including people like DeNiro, The Weekend, and David Letterman. They're threatening to release over a terabyte of dirt on the clients unless the law firm pays the ransom. More

Clearview AI says it's only going to sell its services to government-related customers from now on. No more private sales. Interesting, but I wonder if that'll be enough to stop the deluge of lawsuits that are already inbound. More

Blackhat and DEFCON have gone virtual this year. Don't go to Vegas. It's really canceled this time. More

Officials in Seoul have re-closed their bars indefinitely because somewhere between 27 and 40 new cases of COVID-19 were associated with people gathering there. More

The US Army is using an MMO called War Thunder to train cavalry troops during the quarantine. The game allows soldiers to get familiar with multiple roles in a way that's difficult and expensive to do in real life. More

A cybersecurity company in Israel says a group of hackers called Naikon, which is thought to be associated with the Chinese military, has released a new tool called Aria-body. They say the tool uses multiple techniques to make it easy to gain control over systems and remain undetected. More

A 5G conspiracy theorist spat on a broadband engineer in London, making him very sick shortly after. Meanwhile, 77 5G towers have been attacked throughout the UK by similar ilk. More

PC games are struggling with a rise in cheating related to the pandemic and a massive surge in players. My buddy Jason and I created the OWASP Game Security Framework to start to address this kind of stuff in a structured way, but it's currently on hold while he works at a gaming company. More 

Zoom has purchased Keybase, which has confused a lot of people in the industry. Including me. The Grugq thinks it's a signal that they're not going to let someone like China gain access to their data. I've not thought a lot about it, but that seems smart. More

Advisories:

  • vBulletin has a critical vulnerability. Patch immediately if you have it. More

  • Cisco has patched multiple high severity vulns in its security products. More

  • There's a one-MMS ownage attack against Samsung phones. More

  • SAP has vulns in its cloud products. More

TECHNOLOGY NEWS

Tesla just reopened its Fremont factory, against the orders of the county. And this is after Musk said he's leaving California for Texas or Florida. These types of outbursts seem to be a common downside of having that much creativity and eccentricity. More

Omilia rased $20 million to use AI for customer support. Don't worry, though, all those millions of customer service people can probably just pivot to coding. More

Amazon has just released Kendra, which is kind of like their take on Splunk, only powered on the backend by AI/NLP. So you're supposed to be able to just type what you're looking for and have it magically come back with the answer. All I can say is that I'm happy that companies like Splunk and Amazon and Google are all competing on this. More

Someone created a modular synth, called Synthspace, in virtual reality. More

Over 44 million US adults are supposedly borrowing someone else's streaming account. More

HUMAN NEWS

Finland is abandoning subject-based learning, and is moving to Phenomenal Education. where real-world phenomenon are the foundation of learning. The idea is to have the class explore a real-world situation that crosses multiple disciplines. More

ER visits are down 40-50%, and doctors are concerned. A lot of those are strokes and heart attacks, and the concern is that they're happening and people are just dying at home. More

The New York Times did a great story on job loss in April, which ended up being 20 million jobs. But the highlight was the data visualization they used for the piece. It's a chart showing losses and gains over time, with this massive red line that goes downards on the right side of the page. It looks like a margin, but it's the actual to-scale indicator of how much we've lost relative to previously. More

NASA is making a serious attempt to land a human on the moon by the end of 2024. More

IDEAS, TRENDS, & ANALYSIS

A Three-Tiered Approach to Securing Your Home Network More

Websites are starting to all look the same. More

The VR Winter, by Benedict Evans More

Peloton continues to absolutely crush it. Revenue is up 66% over last quarter. I think it hits all the notes of exercise, social interaction, and status symbol. More

I Was Tricked Into Thinking I Had Grit More

UPDATES

I just saw this article about The Last Unicorn, which massively affected me as a kid. And I just watched The Never Ending Story as well, which I also hadn't done since childhood. The Never Ending Story was particularly powerful for me, and I think it was probably the whole bridge between fantasy and reality that got me. I was devastated when Atreyu lost his horse. And the princess altered my universe long before I knew girls were a thing.

I'll be speaking at DEFCON this year in the Red Team Village. The topic will be automating recon using Linux.

DISCOVERY

A Photographer Who Tinkers With Time More

Encouraging a Culture of Written Communication. More

This guy created a blog that's powered by Google Docs. More

Now is the perfect time to memorize a poem. More

I haven't started listening yet, but I just subscribed to a podcast called War on the Rocks. It's about security, intelligence, national policy, and that sort of thing. More

This guy documents his setup of using Mutt and Vim for email. More

Celebrities are reading Harry Potter for the public. More

Vim as a Markdown editor. More

Using Nmap as a lightweight vuln scanner. More

SSHPrank — An SSH scanner and banner grabber based on Python and Masscan. More

Words Scraper — A Selenium-based web scraper to generate password lists. More

Gf-Patterns — A bunch of content specific patterns for TomNomNom's gf utility, e.g., ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic. More

RECOMMENDATIONS

As many of you know, I normally watch very little TV. But I've used the lockdown as an excuse to binge basically anything of significant reputation. In my travels so far I have three recommendations, in this order:

  1. After Life

  2. DEVS

  3. Upload

The less you know the better. Just trust me. If you like this newsletter, you'll probably love these.

APHORISMS

"Success consists of going from failure to failure without loss of enthusiasm."

~ Winston Churchill

HOME·BLOG·ARCHIVES·ABOUT