Unsupervised Learning: No. 228

News & Analysis
May 11, 2020

MEMBER EDITION | EP. 228 | May 11, 2020

THIS WEEK’S TOPICS: Thunderbolt Attack, Celebrity Ransomware, ClearView Government, Blackhat DEFCON Virtual, War Thunder, 5G Bio Attacks, PC Game Cheating, Zoom Keybase, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

 

SECURITY NEWS

There's a new physical (evil maid) attack against Windows and Linux systems that lets an attacker bypass the lock screen for a system in under 5 minutes. The research will be shown at this year's BlackHat conference, which—along with DEFCON—is now virtual. More >

A major ransomware attack has been launched against a private legal firm that does work for top TV and movie celebrities, including people like DeNiro, The Weekend, and David Letterman. They're threatening to release over a terabyte of dirt on the clients unless the law firm pays the ransom. More >

Clearview AI says it's only going to sell its services to government-related customers from now on. No more private sales. Interesting, but I wonder if that'll be enough to stop the deluge of lawsuits that are already inbound. More >

Blackhat and DEFCON have gone virtual this year. Don't go to Vegas. It's really canceled this time. More >

Officials in Seoul have re-closed their bars indefinitely because somewhere between 27 and 40 new cases of COVID-19 were associated with people gathering there. More >

The US Army is using an MMO called War Thunder to train cavalry troops during the quarantine. The game allows soldiers to get familiar with multiple roles in a way that's difficult and expensive to do in real life. More >

A cybersecurity company in Israel says a group of hackers called Naikon, which is thought to be associated with the Chinese military, has released a new tool called Aria-body. They say the tool uses multiple techniques to make it easy to gain control over systems and remain undetected. More >

A 5G conspiracy theorist spat on a broadband engineer in London, making him very sick shortly after. Meanwhile, 77 5G towers have been attacked throughout the UK by similar ilk. More >

PC games are struggling with a rise in cheating related to the pandemic and a massive surge in players. My buddy Jason and I created the OWASP Game Security Framework to start to address this kind of stuff in a structured way, but it's currently on hold while he works at a gaming company. More > 

Zoom has purchased Keybase, which has confused a lot of people in the industry. Including me. The Grugq thinks > it's a signal that they're not going to let someone like China gain access to their data. I've not thought a lot about it, but that seems smart. More >

Advisories:

  • vBulletin has a critical vulnerability. Patch immediately if you have it. More >

  • Cisco has patched multiple high severity vulns in its security products. More >

  • There's a one-MMS ownage attack against Samsung phones. More >

  • SAP has vulns in its cloud products. More >

TECHNOLOGY NEWS

Tesla just reopened its Fremont factory, against the orders of the county. And this is after Musk said he's leaving California for Texas or Florida. These types of outbursts seem to be a common downside of having that much creativity and eccentricity. More >

Omilia rased $20 million to use AI for customer support. Don't worry, though, all those millions of customer service people can probably just pivot to coding. More >

Amazon has just released Kendra, which is kind of like their take on Splunk, only powered on the backend by AI/NLP. So you're supposed to be able to just type what you're looking for and have it magically come back with the answer. All I can say is that I'm happy that companies like Splunk and Amazon and Google are all competing on this. More >

Someone created a modular synth, called Synthspace, in virtual reality. More >

Over 44 million US adults are supposedly borrowing someone else's streaming account. More >

HUMAN NEWS

Finland is abandoning subject-based learning, and is moving to Phenomenal Education. where real-world phenomenon are the foundation of learning. The idea is to have the class explore a real-world situation that crosses multiple disciplines. More >

ER visits are down 40-50%, and doctors are concerned. A lot of those are strokes and heart attacks, and the concern is that they're happening and people are just dying at home. More >

The New York Times did a great story on job loss in April, which ended up being 20 million jobs. But the highlight was the data visualization they used for the piece. It's a chart showing losses and gains over time, with this massive red line that goes downards on the right side of the page. It looks like a margin, but it's the actual to-scale indicator of how much we've lost relative to previously. More >

NASA is making a serious attempt to land a human on the moon by the end of 2024. More >

IDEAS, TRENDS, & ANALYSIS

A Three-Tiered Approach to Securing Your Home Network More >

Websites are starting to all look the same. More >

The VR Winter, by Benedict Evans More >

Peloton continues to absolutely crush it. Revenue is up 66% over last quarter. I think it hits all the notes of exercise, social interaction, and status symbol. More >

I Was Tricked Into Thinking I Had Grit More >

UPDATES

I just saw this article about >The Last Unicorn >, which massively affected me as a kid. And I just watched The Never Ending Story as well, which I also hadn't done since childhood. The Never Ending Story was particularly powerful for me, and I think it was probably the whole bridge between fantasy and reality that got me. I was devastated when Atreyu lost his horse. And the princess altered my universe long before I knew girls were a thing.

I'll be speaking at DEFCON this year in the Red Team Village. The topic will be automating recon using Linux.

DISCOVERY

A Photographer Who Tinkers With Time More >

Encouraging a Culture of Written Communication. More >

This guy created a blog that's powered by Google Docs. More >

Now is the perfect time to memorize a poem. More >

I haven't started listening yet, but I just subscribed to a podcast called War on the Rocks. It's about security, intelligence, national policy, and that sort of thing. More >

This guy documents his setup of using Mutt and Vim for email. More >

Celebrities are reading Harry Potter for the public. More >

Vim as a Markdown editor. More >

Using Nmap as a lightweight vuln scanner. More >

SSHPrank — An SSH scanner and banner grabber based on Python and Masscan. More >

Words Scraper — A Selenium-based web scraper to generate password lists. More >

Gf-Patterns — A bunch of content specific patterns for TomNomNom's gf utility, e.g., ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic. More >

RECOMMENDATIONS

As many of you know, I normally watch very little TV. But I've used the lockdown as an excuse to binge basically anything of significant reputation. In my travels so far I have three recommendations, in this order:

  1. After Life

  2. DEVS

  3. Upload

The less you know the better. Just trust me. If you like this newsletter, you'll probably love these.

APHORISMS

"Success consists of going from failure to failure without loss of enthusiasm."

~ Winston Churchill

Thank you for reading...