Unsupervised Learning Newsletter No. 309

News & Analysis

Standard Edition | Ep. 309 | November 29, 2021


CISA has released Capacity Enhancement Guides for improving mobile device security for both consumers and organizations. It's a collection of guidance for topics such as countering phishing, securing browsers, implementing strong auth, and others. More

France was about to buy Pegasus from NSO Group, but with news that the group targeted French President Macron, and the US ban on the company, the deal is at risk. More

Apple is also suing NSO Group, citing the use of the company's tool by opressive regimes to spy on innocent victims. More

In related news, Israel just announced that they're banning the export of hacking and surveillance tools to 65 new countries. This supposedly brings the allow list down to 37 countries. More

Ross Bevington, a security researcher at Microsoft, says he looked at 25 million SSH brute force attacks across Microft's sensor network and found that 77% of attempts were between 1 and 7 characters. Guesses over 10 characters were only seen in 6% of cases. More

Apple is going to start notifying users if they're being targeted by state-sponsored actors. Targeted users will get a notification in their AppleID account, as well as an email and text. More

Palo Alto's Unit 42 used a honeypot of 320 systems to detect attacks against internet-facing misconfigurations in daemons like SSH, RDP, and Postgres. They said 80% of the systems were compromised within a week, and some were hit within minutes. More | Report

David Shütz was awarded $10,000 by Google for finding vulnerabilities in Google Cloud Platform. More

Ukraine is pushing to upgrade its navy due to increased concern around Russian agression. More


  • GoDaddy reported an incident due to a flaw in a Managed Wordpress installation. More

  • A new piece of malware called 'Tardigrade' is targeting biomanufacturing facilities. More


  • vSphere Web Client | 7.5 More

  • Insulet OmniPod Insulin Management System | Allows for a replay attack that can inject insulin. More


  • Shield-IoT raises $7.4 million to do IoT security. More

  • Resilience raises $80 million in their Series C to do Cyber Insurance. More


Samsung is building a $17 billion chip factory in Texas, meaning more of the world's chips will be made in America. More

Android users are evidently about to have a better text reactions experience when talking to iPhone users. Previously, reactions would come in out of order and generally looking wonky, and there's an update rolling out now that will make them behave more like native Android reactions. More

Tile is being acquired by Life360, a location tracking company. More


  • HP reported $17 billion in revenue, up 9% over last year. More


Scientists are rushing to figure out how much current vaccines defend against COVID's new Omicron variant. Meanwhile, Moderna says they could have an updated vaccine early in 2022. More

South Africa is complaining that they did the right thing by alerting the world to Omicron, but that they're now being punished for it. Fair point, it seems. This is a good way to encourage countries to stay quiet in the future so they're not the one listed as the source. More

California wants to delay the teaching of Algrebra until 9th grade across the entire state. A lot of people are upset about this, including me. Progressives need to learn that you can't reduce the gap between the top and bottom by lowering the bottom. Students with education-focused parents (largely immigrants) will still learn advanced math early and they'll still get into the best schools and get the best jobs. This kind of policy just pulls everyone else futher behind them. More

If you were waiting for a true sign of inflation, most items at the Dollar Tree will now cost $1.25. More


The Unsupervised Learning Daily Routine — I finally completed my daily routine writeup for the UL community. It's not just the list of steps, but also includes annotations for why I included each item and the research behind it. It's a living document that I'll continue to tweak, and we'll be able to track the changes over time in Github. More


I've been an advisor for a startup called Opera Event for around 5 years, and my buddy Andrew who works there is heading out to DCentral Miami this week. Opera Event is a community-focused technology platform that helps communities, guilds, and DAOs take control of their user data, incentives, and currencies. If you work at OpenSea or any NFT/Web 3.0-focused company, or know someone who does, hit him up at [email protected] to meet up there!

I'm somehow reading like 7 books right now. Not bragging. It's sloppy and I need to clean it up. Basically need to push through or abandon a few.

I just started Assassin's Apprentice, and I'm really enjoying the spin-up. Feels like an origin story with potential!

UL had a great bookclub today, and the book absolutely blew us away. It was way better than I thought it would be. The book was The Design of Everyday Things. This book is going into my Read Frequently list for sure.

I'm working on tons of content for the site right now, some general and some for members. The list includes a new Mental Models piece, which I'm really excited about.


COVID Deaths by Vaccination Status — A brilliant presentation of the data around this topic. Spoiler: In the US, people vaccinated with Moderna are around 14 times less likely to die of COVID than someone who's not vaccinated. Note, this is before boosters, which will widen that gap significantly. More

Another meta-analysis of the impact of Vitamin D on COVID infection has found that, "The limited currently available data suggest that sufficient Vitamin D level in serum is associated with a significantly decreased risk of COVID-19 infection". More

The Verge reviewed the new Generation 3 of the Oura Ring. Big takeaways: positive, with lots of features are still coming, and it now requires a subscription. More

The Age of the Creative Minority More

Bugcrowd is hiring a Technical Project Manager. More

Don't Soften Feedback More

Hardening your SSH Config File More

Practical Security Recommendations for Startups With Limited Budgets More

Maderas' favorite OSINT resources. More

CVE Trends — A wonderful way to monitor trendting CVEs on Twitter, written by Simon J. Bell. More

SSH-Audit — Audit your client and server SSH configs. More | by jtesta

Cracken — A smart-wordlist generator. More | by Shmuelamar


I've been studying physical and cognitive health for the last few years—with a special focus on longevity and happiness. After reading a couple dozen books on everything from diet, exercise, fitness, meditation, etc., there is one unified theme that stands out to me: making your body uncomfortable.

Think about that. The thing that running, lifting weights, ice baths, saunas, and fasting all have in common is that they produce health and happiness by convincing the body that life is still difficult, i.e., that life is still happening.

So my recommendation to you is to think about struggle as an umbrella concept for health and happiness: In short, make sure you are challening your body in some way on a regular basis.


"Find out who you are and do it on purpose."

Dolly Parton