Unsupervised Learning Newsletter No. 263

I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I've found in the last week to around 50,000 people. It'll save you tons of time. 
 

STANDARD EDITION | Ep. 263 | January 11, 2021

Happy New Year! I'm trying to get to 1,000 paid subscribers, and if you enjoy the newsletter please consider becoming a member for just $59.99 a year (less than $5/month). Subscribe Now

SECURITY NEWS

Many are worried about the integrity of congressional IT systems after a mob entered the Capitol building and roamed around without any security present. One concern is that there could have been a few sophisticated attackers mixed in with the group, and that they may have left hidden eavesdropping devices or installed malware. More

The FBI is warning private industry against the Egregor ransomware group, which they say is one of the groups that extracts data before they encrypt it so that it can be used in other types of attack. They also say there are multiple implementations of the "service", which means the TTPs can differ widely. More

It appears Parler was hacked through an information disclosure issue which lead to the ability to create admin accounts, which ended up yielding full data extraction capabilities via the API. This has resulted in mass-downloading of Parler user data, including that of "Verified Citizen" accounts, which require that the person upload their actual driver's license. So basically a massive doxing at this point. And it appears law enforcement has been using this data to create no-fly lists and to launch further investigations. More

Clearview—the facial recognition app used by law enforcement—has seen a surge in usage since the Capitol attack last week. More

There is speculation that JetBrains, a company founded by three Russians and which maintains a Russian presence, may have been part of the Solarwinds incident. The software is used in software development, and has been purchased by 79 of the Fortune 100, including Solarwinds. More
 
It appears Chinese APTs are starting to chase financial targets. It's not clear if it's a means or an ends, but one example comes from Israeli security companies Profero and Security Joes. They found APT27 (Emissary Panda) going after five online gambling companies. Earlier in 2020, Trend Micro also found APT41 going after online gaming companies. More

The US government has banned Alipay and 7 other Chinese applications for use in the US. More

In the continuing discovery process of the scope of the Solarwinds hack damage, it appears countless sealed court documents were accessed as well, according to the Administrative Office of the US Courts. More

Jack Ma—the richest man in China—has gone missing after criticizing Chinese banks and having his ANT IPO stopped by the Chinese government. Nobody's seen him in public for weeks. This is a really bad look for China, and it's just going to tell more ambitious Chinese to get out as fast as they can, as well as telling other countries not to trust them. More

The US Space Force (still getting used to that) detected an Iranian missile attack against US forces in Iraq and alerted personnel before the missiles landed. Many were injured, but nobody died due to the early warning from the 2nd Space Warning Squadron. More

Vulnerabilities:

• NVIDIA has shipped patches for multiple high-risk issues, with the highest being CVSS 8.4. More

Incidents:

• Nissan had a significant source code leak due to using admin/admin as its Github credentials. The repo had over 20GB of data in it. More

TECHNOLOGY NEWS

OpenAI has released two new GPT-3 models that combine NLP with image recognition. One of them, called DALL-E, allows you to describe in natural language an image that you want it to create. Such as, "an avocado that looks like a chair", and it'll make some for you by itself. I often feel like OpenAI is our real-world Cyberdyne Systems. More Examples

CES is kicking off this week, and LG has some slick new transparent OLED stuff that looks really cool. The best demonstration I saw of it was a subway window that has data on it but that you can also still see through. The restaurant ordering use case was pretty cool too. But I'm all about the 8K 88" OLED. Video

Bitcoin has crossed $40,000 less than three weeks after crossing $20,000. Not sure if this is tech news or human news, honestly. People are very worried it's another bubble, but I think the 'money sheltering for the rich' angle changes things slightly. Maybe. More

Some documents out of China hint that Tesla may be looking to produce a new car for $25,000 to $30,000 as early as 2022. If this is true, and they were actually able to build them at scale, this would be more trouble for traditional carmakers, and for people who short-sold Tesla stock. More

HUMAN NEWS

It appears identical twins can differ genetically very early on in their development, and that later differences in the twins can be caused by genetics as well as environment. More

I'm not a Jeopardy fan, but I've seen my portion of episodes. For some reason 2020 has made this tribute video to Alex Trebek hit a lot harder. I guess because he represented part of America. Video

Elon Musk has passed Jeff Bezos to become the richest person in the world on the skyrocketing price of Tesla stock. More

A new study published in Science indicates that resistance to COVID from a previous case or vaccination might last longer than feared—even up to years. More

We have new images of Mars' Valles Marineris, the biggest canyon system in the solar system. It's 10 times longer than the Grand Canyon, and three times as deep. More

Denmark is offering homeowners 20-year loans at zero fixed interest. More

IDEAS & ANALYSIS

The Line Between Choosing Your Own Customers and Censorship — Was it censorship for AWS to drop Parler, or is it their right as a private company to pick who they work with? More

On Unionizing Against Tech Companies — When is it ok to push back against your company's mission, and when should you just leave? More

MY UPDATES

I just started a new book called, The City We Became, by N.K. Jemisin. It's like no other book I've ever read. And Rothfuss, the author of Name of the Wind, says this is the future of fantasy. I can see why. More

DISCOVERY

Notes On Writing Well More

Aaron Swartz on how to be more productive. More

What I've Learned in 45 Years in the Software Industry More

How to Find the Perfect Music and Podcasts, Faster. More

15.ai — Create character voices with definable characteristics, using AI. More

Schwarzenegger's comments on last week's events were fantastic. Video

[ Free Book ] Algorithms For Making Decisions PDF

[ Free Course ] Machine Learning for Security Professionals More

Don't dox yourself when tweeting about data breaches. More

Wired's list of highly-hyped TV shows for 2021. More

RECOMMENDATIONS

When you think about probabilities in an uncertain situation, consider using the Probability Yardstick, which is used by NSA and multiple UK intelligence and law enforcement groups. It associates common phrases like, "remote chance", or "realistic probability" into actual percentages so that analysts and decision-makers can have a shared language. More

APHORISMS

“We are more often frightened than hurt; and we suffer more in imagination than in reality.”

~ Seneca