Unsupervised Learning Newsletter No. 291

News & Analysis
July 26, 2021

STANDARD EDITION | Ep. 291 | Monday: July 26, 2021

SECURITY NEWS

 

CISA has released a set of TTPs for Chinese state-sponsored cyber operations. More >

The US says China breached 13 pipeline operators between 2011 and 2013. According to FBI and CISA, the attackers were state-sponsored and made no attempt to modify pipeline operations in the targets. More >

A top US Catholic Church official was outed after someone tracked his cellphone data to Grindr and gay bars. More >

CIA's director says he's doubling efforts to figure out what's causing Havana Syndrome, which has affected more than 200 US officials and family members globally. More >

Clearview AI, the company that got in so much trouble for selling access to a database of people's faces and profiles, just raised $30 million in investment. More >

There's a new NTLM relay attack on Windows called PetitPotam. It works by forcing hosts to authenticate to an arbitrary machine via MS-EFSRPC. More >

Kaseya has the universal decryptor for the REvil ransomware it was infected with. More >

Antivaxx communities are adjusting their tactics to include speaking in code to avoid detection and banning. This example talks about "Dancing Folks" and "Non-Dancing" doctors. More >

People are becoming concerned that getting benefits is increasingly requiring that you agree to the use of facial recognition technology. 25 states are working with a vendor called ID.me, which uses the tech to verify identities for unemployment applications. More >

Vulnerabilities:

  • Cisco has released security updates for Intersight Virtual Appliance. More >

  • Adobe patches 21 vulnerabilities across 7 products. More >

  • Apple has released security updates for macOS and iOS. More >

  • Fortinet has patched an issue that lets attackers run as root. More >

Companies:

  • Cyber Risk management company Firm Safe Security raised $33 million. More >

  • Bug Bounty and VDP platform YesWeHack raised $18.8 million. More >

  • DNSFilter raises $30 million. More >


TECHNOLOGY NEWS

 

Companies are working on tech to pull carbon out of the atmosphere, called Direct Air Capture, and there's significant interest from investors. More >

DeepMind created a system called AlphaFold that it says has predicted the structure of every protein in the human body, as well as for many yeasts, flies, mice, and other organisms. The protein structures can be used to help understand and fight disease, and they're releasing them all to the public. More >

Netflix is gambling on gaming over buying music studios. More >

Facebook is looking to become a Metaverse company. What does that mean? Basically, the convergence of physical, augmented, and virtual reality, along with an economy, and the ability to move seamlessly between them. I think this is smart, and Facebook is likely to do well as a first-mover in the space. More > More >

A survey by Unit4 says 83% of finance professionals plan to upskill on AI and related tech within 2 years. More >


HUMAN NEWS

 

41 percent of people across 11 countries say their next car will be electric. More >

China has effectively banned tutoring services in the country, essentially stating that education should be a matter of welfare not profit. More >

A lot of experts are saying we're likely to see large numbers of vaccine mandates once the FDA grants full approval to the main vaccines. Yes, you heard that right. The current offerings aren't yet FDA approved. Once they are, many employers and businesses are likely to require people to be vaccinated. Pretty hard to do that when the FDA hasn't signed off yet. More >

India is considering a two-child policy to keep its population growth in check. More >

PG&E will bury 10,000 miles of power lines. Many believe power lines could have been the cause of the massive fire in southern Oregon. More >


CONTENT, IDEAS & ANALYSIS

 

Associate With Grinders — Why I enjoy biographies so much, and how I plan to adjust how I spend my time. More >

How to Improve Vaccination Rates Using a Conspiracy — A conspiracy to use a conspiracy to improve vaccination rates. More >

Dead Drops and Security Through Obscurity — A quick piece looking at the security of Dead Drops. More >

The Presenting Vendor Paradox — Why so many conference talks come from company representatives. More > More >

InfoSec is Kids Falling Down Stairs — My analogy for security is kids falling down stairs. It’s easy to push them (Pentesting), and it’s easy to sit at the bottom and catch them (Defense). But after a while neither makes you feel that heroic. You just come to be sad that it keeps happening. More >

Vaccination Math — Obvious to most readers, but helpful to pass on: a rising rate of infections in vaccinated people is normal in a population that is rapidly vaccinating. If a population is 100% vaccinated, and some tiny fraction of vaccinated people can still get sick, then 100% of people getting sick will be vaccinated. The trick isn't to ask how many people who test positive were vaccinated, but rather, "What percentage of non-vaccinated vs. vaccinated people became hospitalized or died when they tested positive?" For example, 100% of COVID deaths in June in Maryland were unvaccinated. And cases and hospitalizations were 95% and 93% respectively. In Louisiana, 97% of cases and deaths since June were unvaccinated as well. It's pretty much high-90's percentages for cases, hospitalizations, and deaths everywhere in the US. Those are the numbers people should be looking at. More >


NOTES

 

The UL Book Club today (Sunday) was outstanding. We talked for a full 90 minutes about the topics of China's rise, the legitimacy of the book's claims, and what can and should be done about China's new approach. Fascinating discussion. We also picked the next book, which is Dune! David thought it was a good idea given the upcoming movie in September. More >

Someone plagiarized a bunch of my and other people's work, and I asked Twitter for help finding him and asking him to stop. The article came down in minutes, and I believe I framed it correctly in my messaging. In short, public callout, but a call for letting him learn his lesson and be forgiven. I still haven't heard from the guy, though. Oh, and it looks like he's blocked me on Twitter, along with everyone else mentioned in the thread. Maybe not so benign after all. More >

Getting back into the flow of writing (5 items in CONTENT, IDEAS & ANALYSIS this week), and will be starting the new job this week. Super excited about everything right now! So many projects. So little time.

One of the new podcasts I just started listening to mentioned stretch gyms and breathing gyms. Not sure about you, but I'm not overly excited by the idea of breathing heavily in a room full of people right now. But stretching…that's appealing to me. Right now I'm heavily focused on just getting my body working correctly. So, being really strong (weights), having a strong core (core workouts), and being flexible (stretching). I've never thought of full workouts just focused on stretching until I heard it on the podcast, but I'm intrigued. If you all know of any good remote options for this I'd love to partake. Bonus if they somehow integrate with Apple Fitness.


DISCOVERY  

 

Drowning Doesn't Look Like Drowning More >

The Great Resignation More >

A Full Guide to TikTok, by the Verge More >

Wander the Night — A website that plays wonderful soundtracks inspired by wandering in major Asian cities. More >

Dr. Who's 13th season covers a single story. More >


Reverse Engineering for Dummies More >

Reconky — A Bash script that runs assetfinder, Sublist3r, amass, knockpy, httprobe, nmap, and eyewitness all in one tool. More >

ReverseSSH — A standalone, statically-linked SSH binary for use in CTFs or pentesting. More >


RECOMMENDATIONS

 
  1. Consume more biographies of great people. My friend Travis McPeak just told me about a great podcast called How to Take Over The World, which, first off, has a great name. But second, it's a phenomenal series about the lives of great people. Tim Ferriss did something similar I think, but less cleanly. Anyway, highly recommended. More >

  2. Hang out with Grinders. Make a list of your friends who are constantly working to improve their lives, their projects, their friends, and most of all themselves. Spend more time with them. Prioritize texting, voice, and video calling with them. Help them to be better, and ask them to do the same with you.



APHORISMS

 

"You are what you can't stop doing."

Thank you for reading...