Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans. It’s Content Curation as a Service… I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past…

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in or… Become a member and get immediate access

Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans. It’s Content Curation as a Service… I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past…

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in or… Become a member and get immediate access

I just finished listening to an extraordinary episode of Making Sense with Sam Harris, where Roger McNamee was the featured guest. He is a long-time tech analyst and investor, and actually used to be an advisor for Facebook before becoming an outspoken critic. Roger’s points were legion, and covered the now familiar ground regarding the collection of our…

I heard Renée DiResta on the Sam Harris podcast a while back, and was excited to learn that she just appeared on Joe Rogan as well. Her work is focused on misinformation campaigns, and she works at a place that tries to combat the problem. Anyway, I was listening to her and Joe talking, and I somehow started…

Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans. It’s Content Curation as a Service… I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past…

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in or… Become a member and get immediate access

RSA was good this year, but I didn’t really notice any major new trends. Nothing on the scale of—say—AI, or blockchain. But there were some disruptions that looked quite interesting. Primary themes The overall themes I saw this year were largely the same as last year, with a few notable changes. AI talk has become a lot more…

Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans. It’s Content Curation as a Service… I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past…

Most people have heard that 5G is forthcoming, but few are versed on the key advantages over 4G LTE. Here’s a primer. Speed: Becasue it’ll work at much higher frequencies (many proposals use ranges over 6Ghz) you can move more data per unit of time. More Call Capacity: there will be less congestion and service degradation in busy…

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content. Non-members get every other episode. Sign in or… Become a member and get immediate access

Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans. It’s Content Curation as a Service… I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past…

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter. The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think…

I have two favorite conferences of the year: AppSec Cali ENIGMA ENIGMA 2019 ended today, and I wanted to do a quick capture on what I saw and found interesting there. The conference For me conferences are all about the combination of ideas, people, and conversation, and that’s what both of these do really well. First a bit…

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter. The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think…

There’s currently a major backlash in the InfoSec community against so-called “smart” locks. And it’s not just by people who naturally overreact to change, or from people outside of InfoSec: there are plenty of smart people in our field—whom I respect greatly—that are making loud noises against this technology. So I want to make it absolutely clear that…

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

The NSA is releasing a free reverse engineering tool this year at the RSA security conference in San Francisco. A lot of people are asking about the motive of the NSA releasing a free reverse engineering tool at RSA this year.Theories include: it’s a backdoor, it’s a tracking mechanism, etc.My opinion? Recruiting.It’s a PR move to attract talent…

Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter. The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think…

Short answer: it’s a trick question. Privacy is part of security. But just because one is part of the other doesn’t mean they are the same. There’s a nuance there that’s important. The word “security” is shorthand for “information security” or “cybersecurity” in this parlance. Information Security is about controlling access to information. Privacy is about making sure…

I’ve mentioned this in numerous places for the last few years, so I decided it was time to finally put it into a formal piece. It seems obvious at this point that China is building a massive database of information on American individuals and companies, which they can then use for various purposes—including espionage, intellectual property theft, extortion,…

I saw a tweet recently by Robert M. Lee—a highly respected ICS Security professional in the industry. When folks put “ICS” in the category of “IOT” it conflates the systems, purpose, value, and risks of separate communities. There’s important differences between a robot arm in a car manufacturing plant and your internet connected doll even if both have…

January always feels fresh to me—a chance to be better. But at the same time, it’s really just a day after the end of December. This is why I don’t do New Year Resolutions. Basically, if you wanted to do that thing bad enough, you would have done it already. But that’s for things that you can do…

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

I was doing the Twitter thing recently, and someone was talking about red teaming and I had an epiphany: Vaccination and Red Teaming are extremely similar. Or at least they should be. Here are some similarities: The main purpose is to strengthen the defenses It’s done by exposing defenses to the bad stuff Its effect weakens over time,…

Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter. The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think…

Don’t call them cameras or microphones anymore. Those are human-centric names, and humans are about to be the Neandertals of detection. I first heard this idea regarding cameras from Benedict Evans. What we’re moving towards is a world where sensors are everywhere—and of multiple types: Visible light Non-visible light Radio waves Sound Vibration Chemicals Radioactivity Air pressure Etc,…

One of the most frustrating things to me as a security person is having sales and marketing types confuse the different types of security assessment. Similarities And among those types of assessment, the pentest and red team are two of the most commonly mangled. First, let’s start with similarities. They’re both types of security assessment, meaning their goal…

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

Brian Krebs ran a story recently about how FICO has a new service for rating the Cybersecurity risk level of various companies. Problem is, in one of their marketing communications about the new offering, they leaked the actual report data for a little company called ExxonMobil. I find this space both strange and fascinating. On one hand I…

Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30 minute podcast & companion newsletter. The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to…

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

🛡️ Security News Ukraine has found another nasty piece of malware targetting their government systems. It’s a Windows backdoor called Pterodo. Link China has turned on their social credit system that was basically a Black Mirror episode, and it’s resulted in the blacklisting of millions of Chinese from booking flights. Their scores were too low. Unreal. Link The US…

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week. Become a member to get access immediately

Security News 👋 We’re preparing to release the 2018 version of the OWASP IoT Top 10, and we would love your feedback! Updated to include a feedback form. Form Link 🛑 Check your Facebook account to see if it was hacked. Link The company that owns Fortnite has purchased a company focused on stopping cheaters. Link A government report…

There are tons of VPN options out there, and the field is confusing enough that I did a post on the topic a while back to help people pick one of the better ones and avoid the scams. But if you look at the considerations for making a good choice, they mostly reduce to the following: Privacy Log…

I’ve been obsessed with entropy since I learned about it in high school. It’s highly depressing, but it’s awesome at the same time given how inevitable it is, and how it’s happening all the time and all around us. I was just reading The Most Human Human, by Brian Christian, and it reminded me that I’ve wanted to…

If you haven’t heard yet—which is unlikely—there’s a problem with hiring in cybersecurity. The issue is we’re not sure of the nature of that problem. A number of studies are talking about there being 3.5 million unfilled cybersecurity positions by 2021. But many are in that same market looking for work and are unable to find any. So…

[ UPDATE: The project is now live here. ] Please give your feedback on the list here. The OWASP Internet of Things Top 10 has not been updated since 2014, for a number of reasons. First of which was the fact that we released the new umbrella project that removed focus from the Top 10 format. This, in…

Many of the calls are actually in Mandarin, which I don’t speak. Over the last few months I’ve seen my spam phone calls go from around one a week to like ten a day, and it’s been infuriating. After a good bit of Googling, I ended up coming up with two solutions that reduced the problem by around…

I just stumbled upon an article by Mark R. Heckman, Ph.D, CISSP, CISA that—like so many others in the industry—wildly contorts himself to make a distinction between security and privacy. He writes: I argued here why I don’t think this difference matters as much as people think. Without a clear understanding of the difference, data security and privacy…

Subscribe here to get this in your inbox every week. Security News 😮 The governments of the “Five Eyes” (US, Australia, UK, Canada, and New Zealand) have asked the world’s largest tech companies to build encryption backdoors into their systems. But more than just asking, they also said, ”Should governments continue to encounter impediments to lawful access to information…

For those who have been in information security for a while, nmap is like a warm and familiar blanket. Except this blanket kicks ass. It is—without question—the most versatile portscanner ever. A lot of people know that. Read my masscan tutorial. What fewer people know, however, is that with NSE scripting functionality nmap can do things you wouldn’t expect from a portscanner.…

There’s a famous, often-misattributed quote in the tech scene that says something like: If you’re not paying for a given service, then you’re not the customer—you’re the product.Many people, going back to the 70’s This is fairly well understood for services like Google and Facebook, where the service is basically free but the companies make most of their…

If you’ve spent any time coding in InfoSec, you’ve probably used a ton of curl to pull websites, check them for various issues or attributes, etc. This will follow redirects and provide a non-curl User Agent. curl -LA 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5' reddit.com…

Subscribe here to get this in your inbox every week. Security News TLS 1.3 is finalized and should start rolling out everywhere soon. Adoption is expected to be quick. Link Burp continues to impress with its massive campaign of improvements and blog posts describing them. They recently just talked about how they’re adding point-and-shoot scan functionality, where you…