Unsupervised Learning Newsletter NO. 317

News & Analysis

STANDARD EDITION | EP. 317 | FEB 7 2022

SECURITY NEWS

The Biden Administration has formed a Cybersecurity board to serve as something like an NTSB for breaches, and they'll start by looking into log4j. More

Attackers were able to steal around $323 million in cryptocurrency by exploiting a web-based service called Wormhole. Wormhole is a system that allows one to transfer crypto between blockchains, specifically between Solana and other chains like Avalanche, Ethereum, Polygon, and others. The attack created a fake minting account that minted 120,000 ETH on the Solana chain and transferred them out. This is a great example of how so many flaws come down to failed logic in the basics. More | The Attack

Cloudflare has launched a paid public bounty program. More

The US is testing robotic patrol dogs along the Mexican border. People are upset not just about automated sentries on the border, but because the company that makes the "dogs" (Ghost Robotics) previously highlighted a similar robot with a sniper rifle attached to it. More

Canada is facing a serious security situation related to the Trucker Vaccine Protest, which has now turned into something like an occupation of Ottawa. It has January 6th vibes, and while I don't know much about Canada, I do know enough to be worried. More in the Ideas section below. More | A Tweet Analysis

Vulnerabilities:

  • Cisco Small Business RV Routers | Critical | Code Execution More

  • Samba | Critical | CVE-2021-44142 | 9.9 | RCE More

  • Google Chrome | 27 Vulnerabilities | High | More

  • Poll: "Do you like this condensed format for displaying vulnerability information?" Vote

Companies:

  • PlexTrac | Purple Team Management | $70 Million (they're also a sponsor!) More

  • MariaDB is becoming a public company. More


TECHNOLOGY NEWS

Meta lost the most value of any company in history last week after announcing earnings. They lost users for the first time as well, and announced that Apple's privacy changes will result in over $10 billion in lost revenue in 2022. More

Amazon now has a $30 billion advertising business. More

Amazon is raising the price of Prime from $119/year to $139/year. The last bump was in 2018 when it went from $99 to $119. More

Buzzfeed found the real names of the Bored Ape Yacht Club's creators. They're two guys in Florida. More

The IRS is facing pushback over its use of ID.me to verify identities. People are evidently not super enthused about having to upload selfies to be able to pay their taxes. More

Amazon and some others are looking at potentially buying Peloton. More

A number of UK supermarkets are going to use cameras and AI to determine if people are old enough to buy alcohol. If they look under 25, they'll have to show ID to a human. The goal of the system is to reduce line times by automating most of the checks. More


HUMAN NEWS

President Biden reinstated the Cancer Moonshot program to accelerate progress against cancer. The goal is to reduce the death rate from cancer by 50% in the next 25 years. More

The teacher shortage in New Mexico is so bad that there's an initiative to use National Guard troops as substitutes. More

Americans believe their overall quality of life, the ability for someone to get ahead if they're working hard, and many other key satisfaction elements are significantly worse in 2021 and 2022 than in 2020. I personally see this as more evidence that Trump will be extremely strong in 2024. It's not about reality; it's about the perception of reality, and he's a master at controlling that narrative. The top metric, for example, was the overall quality of life. It was rated as an 84 in 2020 and 67 and 69 in 2021 and 2022. More


CONTENT, IDEAS & ANALYSIS

The Rise of White Extremism in the US, Canada, and Europe — How I think January 6th and the Trucker Freedom convoy in Canada have a lot more in common than people think, and how I believe it's part of a much bigger problem. More

Thoughts on Rogan and Redemption — My reaction to the Joe Rogan racism controversy, and a brief discussion of who deserves redemption and who doesn't. More

The Irony of InfoSec's Reaction to Crypto, NFTs, and Web3 — An argument that the InfoSec community should be more open to exploring technology that could shape our future, even when they have valid concerns and criticisms. More

Employee NPS Scores — I just had this article shared with me on the concept of simplifying employee (and manager) reviews down to a single question: "How likely are you to recommend working with [PERSON] to a friend or colleague?" Absolutely brilliant. The same goes for managers. "How likely are you to recommend working for [PERSON] to a friend or colleague?" As the article points out, there are tons of great rating systems that might eventually get you to this level of accuracy, but many of them involve multiple surveys, lots of interviews, and days or weeks to complete. This is one question, and according to the author of the article, it often yields the same results. Officially my favorite find of the week. More


NOTES

We now have a dedicated page for the UL Book Club! It covers how we select books, when we meet, and has a running list of all the books we've discussed in the past. More

Last month's Book Club was tremendous fun, and the book, Project Hail Mary, was surprisingly excellent. I mean we thought it would be good, but many of us could not put it down. One of the purest executions of science fiction I can remember since The Three-Body Problem. And we're reading that soon!

My great friend Mohsan Farid was just on the Bad Crypto Podcast. He talked about how he got into hacking, the different places he's worked, as well as his company LedgerOps which focuses on blockchain security. Mohsan is an awesome hacker and a wonderful human being, and this is a great primer on what he's up to. More | via The Bad Crypto Podcast
 

SPONSORED DISCOVERY

Vanta: Key Differentiators In Security Automation Platforms
 

There are so many compliance platforms on the market, yet not all are created equal. As the leader in compliance automation, we know exactly what features to look for when choosing an automated platform.

We've compiled a list of the biggest differentiators to check for – and we explain how each feature works in order to make your job more efficient as you go through the compliance process.


DISCOVERY

Neural.love — An AI that takes an old image and produces something that looks more like a photograph of the subject. For example, a crappy selfie, an old painting, etc. Submit them and get back a decent picture of the person. More

Runway ML — An AI-based video editor that allows you to remove backgrounds, remove subjects, and otherwise edit scenes with extreme ease. More

An extraordinarily in-depth post on the fundamentals of a good security program, by Phil Venables. More 

The Great Resignation Might Be Due to the Old Age of US Workers — A great piece on how old a lot of US workers are. The median age in the US is 38, but many professions have median ages closer to 50. More

Non-Security Things That Can Sink a Security Program | More | by Helen Patton

China had to make the snow for its Beijing Olympics, and it wasn't easy or cheap. More

Google Slides is Hilarious More

Democracity Booklet, New York World's Fair 1939 More

🔥 Managing People More | by Andreas Klinger

An epic zoom-in to the center of the Milky Way galaxy, culminating in a look at stars orbiting the black hole at our center. More

Ask HN: How Do You Deal With Getting Old and Feeling Lost? — Answering this question for other people is basically my life mission. If you feel like this, let me know so I can try to help. More

"You're a better hacker if you know how to build the thing you're trying to hack." More | by Fabio Viggiani

Curl now has a JSON option! More

[ OSINT ] Favicon Map — Shodan's database of favicons it's found during its scanning. More

[ VULN MANAGEMENT ] OWASP WrongSecrets — An insecure app full of insecurely stored secrets. More

[ NETSEC ] Scanning Made Easy — A joint project between NCSC and i100 to create a collection of Nmap NSE scripts that function much like a unified vulnerability scanner. The Scripts


RECOMMENDATION

Any time you need to rate something (like employees, managers, products, whatever), and you're overthinking with some elaborate system, consider using the NPS model. Basically, just ask one question: "How likely are you to recommend [THING] to a friend or colleague?" It might not be as good as your super-fancy system, but it might actually be better. And it'll definitely be faster.


APHORISM

“All gardeners live in beautiful places because they make them so.”

Joseph Joubert