STANDARD EDITION | Ep. 291 | Monday: July 26, 2021
SECURITY NEWS
CISA has released a set of TTPs for Chinese state-sponsored cyber operations. More
The US says China breached 13 pipeline operators between 2011 and 2013. According to FBI and CISA, the attackers were state-sponsored and made no attempt to modify pipeline operations in the targets. More
A top US Catholic Church official was outed after someone tracked his cellphone data to Grinder and gay bars. More
CIA's director says he's doubling efforts to figure out what's causing Havana Syndrome, which has affected more than 200 US officials and family members globally. More
Clearview AI, the company that got in so much trouble for selling access to a database of people's faces and profiles, just raised $30 million in investment. More
There's a new NTML Relay attack on Windows called PetitPotam. It works by forcing hosts to authenticate to an arbitrary machine via MS-EFSRPC. More
Kaseya has the universal decryptor for the REvil ransomware it was infected with. More
Antivaxx communities are adjusting their tactics to include speaking in code to avoid detection and banning. This example talks about "Dancing Folks" and "Non-Dancing" doctors. More
People are becoming concerned that getting benefits is increasingly requiring that you agree to the use of facial recognition technology. 25 states are working with a vendor called ID.me, which uses the tech to verify identities for unemployment applications. More
Vulnerabilities:
Cisco has released security updates for Intersight Virtual Appliance. More
Adobe patches 21 vulnerabilities across 7 products. More
Apple has released security updates for MacOS and iOS. More
Fortinet has patched an issue that lets attackers run as root. More
Companies:
Cyber Risk management company Firm Safe Security raised $33 million. More
Bug Bounty and VDP platform YesWeHack rased $18.8 million. More
DNSFilter raises $30 million. More
TECHNOLOGY NEWS
Companies are working on tech to pull carbon out of the atmosphere, called Direct Air Capture, and there's significant interest from investors. More
DeepMind created a system called AlphaFold that it says has predicted the structure of every protein in the human body, as well as for many yeasts, flies, mice, and other organisms. The protein structures can be used to help understand and fight disease, and they're releasing them all to the public. More
Netflix is gambling on gaming over buying music studios. More
Facebook is looking to become a Metaverse company. What does that mean? Basically, the convergence of physical, augmented, and virtual reality, along with an economy, and the ability to move seamlessly between them. I think this is smart, and Facebook is likely to do well as a first-mover in the space. More More
A survey by Unit4 says 83% of finance professionals plan to upskill on AI and related tech within 2 years. More
HUMAN NEWS
41 percent of people across 11 countries say their next car will be electric. More
China has effectively banned tutoring services in the country, essentially stating that education should be a matter of welfare not profit. More
A lot of experts are saying we're likely to see large numbers of vaccine mandates once the FDA grants full approval to the main vaccines. Yes, you heard that right. The current offerings aren't yet FDA approved. Once they are, many employers and businesses are likely to require people to be vaccinated. Pretty hard to do that when the FDA hasn't signed off yet. More
India is considering a two-child policy to keep its population growth in check. More
PG&E will bury 10,000 miles of power lines. Many believe power lines could have been the cause of the massive fire in southern Oregon. More
CONTENT, IDEAS & ANALYSIS
Associate With Grinders — Why I enjoy biographies so much, and how I plan to adjust how I spend my time. More
How to Improve Vaccination Rates Using a Conspiracy — A conspiracy to use a conspiracy to improve vaccination rates. More
Dead Drops and Security Through Obscurity — A quick piece looking at the security of Dead Drops. More
The Presenting Vendor Paradox — Why so many conference talks come from company representatives. More More
InfoSec is Kids Falling Down Stairs — My analogy for security is kids falling down stairs. It’s easy to push them (Pentesting), and it’s easy to sit at the bottom and catch them (Defense). But after a while neither makes you feel that heroic. You just come to be sad that it keeps happening. More
Vaccination Math— Obvious to most readers, but helpful to pass on: a rising rate of infections in vaccinated people is normal in a population that is rapidly vaccinating. If a population is 100% vaccinated, and some tiny fraction of vaccinated people can still get sick, then 100% of people getting sick will be vaccinated. The trick isn't to ask how many people who test positive were vaccinated, but rather, "What percentage of non-vaccinated vs. vaccinated people become hospitalized or died when they tested positive?" For example, 100% of COVID deaths in June in Maryland were unvaccinated. And cases and hospitalizations were 95% and 93% respectively. In Louisianna, 97% of cases and deaths since June were unvaccinated as well. It's pretty much high-90's percentages for cases, hospitalizations, and deaths everywhere in the US. Those are the numbers people should be looking at. More
NOTES
The UL Book Club today (Sunday) was outstanding. We talked for a full 90 minutes about the topics of China's rise, the legitimacy of the book's claims, and what can and should be done about China's new approach. Fascinating discussion. We also picked the next book, which is Dune! David thought it was a good idea given the upcoming movie in September. More
Someone plagiarized a bunch of my and other peoples' work, and I asked Twitter for help finding him and asking him to stop. The article came down in minutes, and I believe I framed it correctly in my messaging. In short, public callout, but a call for letting him learn his lesson and be forgiven. I still haven't heard from the guy, though. Oh, and it looks like he's blocked me on Twitter, along with everyone else mentioned in the thread. Maybe not so benign after all. More
Getting back into the flow of writing (5 items in CONTENT, IDEAS & ANALYSIS this week), and will be starting the new job this week. Super excited about everything right now! So many projects. So little time.
One of the new podcasts I just started listening to mentioned stretch gyms and breathing gyms. Not sure about you, but I'm not overly excited by the idea of breathing heavily in a room full of people right now. But stretching…that's appealing to me. Right now I'm heavily focused on just getting my body working correctly. So, being really strong (weights), having a strong core (core workouts), and being flexible (stretching). I've never thought of full workouts just focused on stretching until I heard it on the podcast, but I'm intrigued. If you all know of any good remote options for this I'd love to partake. Bonus if they somehow integrate with Apple Fitness.
DISCOVERY
Drowning Doesn't Look Like Drowning More
The Great Resignation More
A Full Guide to TikTok, by the Verge More
Wander the Night — A website that plays wonderful soundtracks inspired by wandering in major Asian cities. More
Dr. Who's 13th season covers a single story. More
Reverse Engineering for Dummies More
Reconky — A Bash script that runs assetfinder, Sublist3r, amass, knockpy, httprobe, nmap, and eyewitness all in one tool. More
ReverseSSH — A standalone, statically-linked SSH binary for use in CTFs or pentesting. More
RECOMMENDATIONS
Consume more biographies of great people. My friend Travis McPeak just told me about a great podcast called How to Take Over The World, which, first off, has a great name. But second, it's a phenomenal series about the lives of great people. Tim Ferriss did something similar I think, but less cleanly. Anyway, highly recommended. More
Hang out with Grinders. Make a list of your friends who are constantly working to improve their lives, their projects, their friends, and most of all themselves. Spend more time with them. Prioritize texting, voice, and video calling with them. Help them to be better, and ask them to do the same with you.
APHORISMS
"You are what you can't stop doing."