Unsupervised Learning Newsletter No. 281
News & Analysis
STANDARD EDITION | Ep. 281 | Monday: May 17, 2021
SECURITY NEWS
Darkside, the ransomware group that ransomed Colonial, has largely gone dark after its servers and Bitcoin were seized. Its blog, payments collection site, and its CDN have gone offline. The most interesting thing to me about this story is that the attack appears to have been somewhat accidental, and the attack was actually on the company's IT systems and not their OT systems. But it turns out that if your IT systems don't work you can't do things like, "operate your business", so it ends up hurting almost as much as an OT attack anyway. More
Biden signed an executive order on cybersecurity, with three top highlights: 1) multifactor authentication for all federal agencies within 6 months, 2) breach disclosure requirements based on the severity of the incident, and 3) a star rating system for the security of software sold to the government. More Analysis
Verizon DBIR 2021: The primary trends for this year's DBIR report were web application attacks, ransomware, and credential stuffing. 85% of breaches involved a human element. Ransomware doubled to 10% of breaches. And external cloud assets were compromised more than on-prem assets. More
A security researcher has found a collection of major vulnerabilities in WiFi that affect most products that are in use today. Practical attacks don't appear trivial to carry out yet, but that could change as the bugs are better understood and people have time to make tooling. Patches have started to come out from some vendors, but it will take time due to the fact that the bugs affect so many products over multiple decades. More
Microsoft has released a free tool called Counterfit for testing AI-based security systems. It automates the launching of different types of attacks to see how AI-based systems respond, and they partnered with MITRE to release an ATT&CK style Adversarial ML Threat Matrix. More
OpenSSH 8.2 now works extremely well with U2F/FIDO2 security keys, meaning you can easily create a hardware-based keypair using ssh-keygen -t ecdsa-sk and have things work well without elaborate hacks of your SSH configs. More
Insurer AXA recently decided not to pay out for ransomware payments, and they are now dealing with a ransomware attack of their own. A ransomware group called Avaddon says they've stolen 3TB of data from AXA's Asian operations. More
The Pentagon is thinking about shutting down the JEDI cloud project due to all the legal drama around who it was awarded to. Amazon has been fighting the situation ever since the contract was awarded to Microsoft. More
The DHS is now monitoring public social media posts for signs of extremist beliefs and behaviors in an attempt to prevent situations like January 6, 2020. They appear to be focusing less on finding people, but rather on specific themes, narratives, and related plots. More
Vizio makes nearly as much from selling your data and selling ads as it does from selling the actual hardware. This is yet another example of where 'cheap' often equates to 'subsidized by selling your data'. More
A report from the Center for Countering Digital Hate says only 12 people are responsible for 65% of COVID-related misinformation being shared online. More
Cloudflare is looking to replace CAPTCHAs with physical security keys. It's a cool idea, but requires that websites adopt it. More More
Arlington Research says 85% of customers running Microsoft 365 have suffered email data breaches. More
Brian Krebs says adding Russian or Ukrainian as a virtual keyboard language will stop a lot of malware. More
TECHNOLOGY NEWS
GPT-Neo is a new, free version of GPT-3. The biggest difference between GPT-3, which is not free, and GPT-Neo is that GPT-3 has much larger models. GPT-Neo has 2.7 billion parameters while GPT-3 goes up to 175 billion. More
STADIA, Google's video gaming service, looks to already be in major trouble. Google seems completely unable to make a cohesively good product anymore (functionality + usability). I don't understand how their product people are allowed to constantly fail, for like a decade, without anyone catching on that there's a problem. Someone said they've become the Oracle of the tech world, and I am starting to agree. More
Esports seems to be moving away from teams and leagues and towards influencers and streaming. A big reason for this is that the athletes themselves were prohibited from promoting themselves over their teams, which wasn't sustainable. I think the more sustainable model is individual first—connected through looser and more temporary affiliations. More
Companies
Kin raises $64 million for data-driven home insurance. More
HUMAN NEWS
Top industry experts are now saying that the lab leak theory of how COVID initially spread is not conspiracy thinking, and that it needs to be taken seriously. This is something we've talked about here at Unsupervised Learning multiple times. Basically there were legitimate political sensitivities around being anti-China that were stopping this from being explored, but the fact is that this exact type of research has been going on for a very long time, and similar leaks have happened multiple times both in the US and in Asia. So it's quite possible that it simply happened again in the case of COVID-19. More
Consumer prices (see inflation) rose the most since 2009 in April, and it caused a major disturbance in the stock market. More
McDonald's, Chipotle, and others are raising wages to address the lack of applications to open positions. More
China has landed its Zhurong rover on Mars. More
It's really hard to sell a book. The New York Times says 98% of books sold in 2020 sold fewer than 5,000 copies. And Bookstat says 96% of online books sold fewer than 1,000 copies. Only 11 books sold more than 500,000. More
Consumer Reports says Tesla Model 3 owners are the happiest car owners. As one such owner, I can say I'm definitely part of that cohort. More
Target has stopped selling Pokemon cards in physical stores because of the risk of violence between people trying to attain them. More
California has a $75 billion budget surplus due to higher than anticipated tax revenue. More
The University of California is dropping the SAT for admission consideration. More
The firefighter community has a problem with arsonists. One expert says around 100 serial arsonists, working as firefighters, are convicted every year. More
CONTENT, IDEAS & ANALYSIS
The Ultimate Drug is Belonging — I think Belonging is at the bottom of most conspiracy thinking and truth denial we see today. Facts can and will be ignored if they're coming from a group that people think has abandoned them. Namely, "the elites". We must understand this if we want to make progress in any given conversation, and it shows us very clearly why "the deplorables" narrative does nothing but make things worse. More
NOTES
Currently re-reading How Innovation Works by Matt Ridley. More
DISCOVERY
The Purpose of Purpose More
43 years and 14 billion miles later, Voyager 1 is still sending us valuable data. More
Game Developer Salary Comparisons More
Ten Rules for Negotiating a Job Offer More
An EFF Threat Modeling Lesson More
Why Israel and Palestine Are Fighting More
FireEye's DARKSIDE gang analysis. More
RECOMMENDATIONS
I'm really enjoying this hilarious, improv-based podcast called A Mission to ZYXX. It's basically a bunch of voice actors doing a sci-fi adventure. Really good. More