Unsupervised Learning Newsletter NO. 339

Lockdown Mode, Paid Pentagon Bounty, China's IP Threat…

🗞️ NO. 339 — STANDARD EDITION | JUL 11 2022

Well, the world seems to be going a bit sideways. But remember—we still have friends, books, and coffee. And that's pretty great.

— Daniel


A MITRE Advisory Accidentally Included Live Vulnerable Instances
A MITRE advisory came out recently regarding insecure camera admin interfaces, but instead of the references section including only more information about the vulnerability, it also listed vulnerable internet-accessible instances. More

Apple Introduces "Lockdown Mode" for Likely Spyware Targets
In iOS 16, Apple is introducing a new feature that locks down one's device against targeted attacks. The primary use cases are people like reporters or high-ranking officials being hit with spyware created by companies like NSO Group. The tool works by disabling functionality within multiple parts of a device, including attachment types in Messages, certain JIT web technologies, incoming communication prompts like FaceTime, wired connections when locked, and the installation of configuration profiles. I say Bravo to Apple on this one, and I can't wait to see someone take the future steps here of monitoring one's threat level and adjusting such things dynamically. More

FBI and MI5 Say China Steals Constantly and Massively
Speaking at a venue for business leaders, the MI5 and FBI leaders said China is the most serious threat to our intellectual property. "The most game-changing challenge we face comes from the Chinese Communist Party. It's covertly applying pressure across the globe." The FBI director went on to say the Chinese hacking program was "lavishly resourced" and "bigger than every other country combined." More



Cerby: Automate Your Security Hygiene

Over the next decade, 90% of all technology spend will occur outside of IT. And as business users play a bigger role in selecting the apps they use for work, they often implement and configure those tools themselves. This often results in highly insecure applications that become the entry points for attackers.

But Cerby can help. Cerby protects your apps by continuously and automatically identifying and applying common security controls to your applications as if they were installed by IT or Security. Cerby automates your security hygiene. Protect. Secure. Automate.

The Pentagon is Running a Paid Bounty
The Pentagon has been running klout-based bounty programs for a while now, but between July 7th and July 11th they're paying out up to $110,000 to people who find bugs. They're paying $500 for highs and $1,000 for criticals. They've also said they'll pay up to $5,000 for really serious issues. More

Researchers Have Found a Way to Detect Deepfakes Using Lighting Variations
Researchers at NSA and Cal Berkeley have found a way to detect Deepfakes using lighting variations. They introduce an element on the screen that changes a narrow band of color faster than most Deepfake systems can respond. More

Myanmar's Authoritarian Government Implements Chinese Surveillance Tech
Myanmar's Junta government is expanding its installations of Chinese-made surveillance cameras with built-in facial recognition. The plans are being sold as "safe city projects", as one does. More

Iran Announces 20% Enrichment of Uranium
US President Biden is heading to Iran this week and Iran has just released a report saying they're consistently producing Uranium at 20% enrichment levels at its underground Fordo facility. 20% is a big step towards the 90% needed for weapons-grade uses, but they evidently already have enough 60%-enriched matter for a single bomb if they choose to make one. More

Arizona Makes It Illegal to Film Within 8 Feet of Police
Arizona has passed a law making it illegal to film police within 8 feet. Lots of freedom-advocacy groups are upset with this law, but I'm happy that it seems to imply it's ok to do so from 9+ feet away. I mean, 8 feet is pretty damn close to be to anyone you're not hanging out with, in most situations. I do worry about it being the cop's word vs. the filmer when it comes to distance, though. More


  • HIGH | There's now a working PoC for last week's Django SQL Injection vulnerability. More

  • CRITICAL | Cisco has released multiple updates for products, including a Critical issue in Cisco Expressway Series and TelePresence Video Communication Server. More


  • Swimlane has raised a $70 million dollar Series C to continue its efforts to automate security. More

  • Coalition raised a $250 million F round to continue doing cyber insurance at a $5 billion valuation. Their approach focuses on providing tools for active monitoring and risk assessment. More


Elon Musk Officially Bails on Twitter
Elon Musk has officially filed to terminate the Twitter deal, and Twitter is suing him over it. Much has been said about this entire back and forth with the deal, but I think the final lesson will be one for Musk on controlling his impulses. He enjoys being spontaneous, and that's generally a good trait, but certain things like the SEC, the jobs of tens of thousands of people, and tens of billions of dollars are not to be joked about. This one is going to sting for sure, most likely in the form of 1) people taking him less seriously, and 2) a considerable settlement. More

US Crosses 5% Tipping Point of EV Adoption
Bloomberg has done analysis saying 5% is the tipping point for EV adoption in multiple countries, and the US has just crossed that threshold. More

German Researchers Quantum Entangle Across 20 Miles
Researchers were able to entangle two atoms across a new record of 20 miles of fiber optics, giving us hope that the Ansible from Ender's Game will one day be possible. More

Tesla Opening Its Chargers
Tesla is opening its Superchargers to non-Tesla vehicles in the US later this year. The change will require some additional equipment to allow non-Tesla vehicles to charge. More


Multiple Universal Covid Vaccines in Trial
There's a new universal vaccine for Covid starting phase 1 of human trials. This one hopes to protect against not only Covid but SARS and some common colds as well, and it uses a "novel mosaic nanoparticle technology" to do so. This is a more experimental vaccine approach, but there are many others in various stages of development. More

OnlyFans Now Has Pimps
There are new "marketing agencies" popping up to manage women on OnlyFans. They provide services like social media marketing, managing their communities, and impersonating them in chat to get people to buy private videos. And of course, they get part of the profit for providing these services. On one hand, as a creator, these seem like completely legitimate services, but when a business owner is managing a group of young women in a sexualized market I can't help but be skeptical and repelled. More

You Can Now Teach Kids in Arizona Without a College Degree
Arizona has changed its laws so that you can teach kids if you are simply enrolled in college vs. having a degree already. Naturally, this has earned mixed reactions. My untrained response is that this is probably a net-good thing given how many teachers are quitting. But here's another crazy idea: maybe if teachers didn't want to do the work then teachers-in-training might not want to either. But at least there will be more of them. Opinion: I think public education is the US's most serious failure. More

California Will Make Its Own Insulin
Gavin Newsom says paying $300-$500 a month for insulin is a clear case of market failure, so he's going to have the state produce it as an alternative. Not a huge Newsom fan, but I like government being used in this way. More

Fewer In US Take Bible Literally
Only 20% of Americans now see the Bible as the literal word of God. In the mid-eighties, this number peaked at 40%. More


✍🏼 My Ultimate Zsh and Vim Config [July 2022]
My new piece on my current Zsh and Vim setup. "I’ve done dozens of shell optimization posts over the years, and I thought it was time for an update. Here’s what I’m currently using and why…" More

✍🏼 The Difference Between Classical Liberalism and Libertarianism [2019]
This piece has been popular from searches lately, so I thought I'd share it. "Classical Liberalism was a strong counter to previous political movements that placed authority in the hands of churches, monarchs, or governments.…" More

✍🏼 The Workforce Reduction Pincer Move During Recessions
My new short piece on how companies are using the downturn to get rid of unwanted employees. "Companies are doing something smart (and sometimes a bit gross) during this economic…whatever this is. They’re using the downturn as an opportunity to get rid of people they don’t like, which solidifies their workforce. Here’s the move:… " More


I'm enjoying this season of Westworld for one primary reason: it's mostly a sci-fi show with characters in it, rather than a character show in a sci-fi setting. Story matters most, and normally that's character story, but in this case I am enjoying seeing what's being said about society more than anything. More

I'm now reading Freedom, the second book of the Daemon series by Daniel Suarez. Picks up exactly as a continuation of the first one, and it's become quite good. Similar to my comment above about Westworld, this book isn't just fun. It's also commentary about where we might be headed. More


CrowdSec: The Massively Collaborative Cyber Defense Solution

Discover CrowdSec, an open-source and collaborative intrusion detection and prevention solution. Analyze visitor behavior & remediate various attacks, for free.

Each time an IP is blocked, all community members are informed so they can block it too — making the solution not only reactive but also preventive. Thanks to the collaborative CTI, CrowdSec users experience 90% fewer attacks on their servers.


Measuring CO2 Levels as a Proxy For Covid Risk
Some really interesting analysis of the "stuffiness" of a room using CO2 levels, and mapping that onto the chances of Covid particles being in the air. Basically, indoor air is less fresh and has much higher CO2 levels, and if you see the levels rise above 1000-2000 with people around, you are likely to be breathing a lot more of the air from their lungs. Funny, I just bought three of these CO2 detectors for the house. More | Detectors

Diablo Immortal is Doing $1 Million a Day
Diablo's new mobile game is making over $1 million a day in microtransactions. It's a bit gross how much you need to pay to play this game, but if they're spending any significant amount of that money on Diablo IV I'm cool with it. More

Sponsored Interview With Keeper Security
I had the opportunity to sit down with Zane Bond from Keeper Security. We spent around 40 minutes talking about Keeper's products, the problems they solve, and how they think about the password problem. Listen to the Interview

How to Be a Great Technical Interviewer
A solid write-up on what to avoid and try for when doing technical interviews. More

Amazon Only 1% Behind Netflix Now
Netflix has dropped to 21% of streaming market share. Amazon is at 20%. HBO 15%. Disney+: 14%. Apple has finally hit 6%. More

8 NFT Scams to Avoid
8 distinct NFT scam types that you should watch for if you do anything with NFTs. More

Absurd Trolley Problems
An interesting set of moral thought exercises that escalate in complexity to reveal our inner biases. More

⚙️ RECON | Steampipe
An AWS perimeter checking tool that can be used to look for resources that are publicly accessible, shared with untrusted accounts, have insecure network configurations, and more. More | by Turbot

⚙️ PRODUCTIVITY | Vimified
A way to learn Vim using interactive lessons. More


Take some time to think about the quality of your indoor air. Primarily at home, but also when you're out and about. The more CO2 present, the more "stuffy" the room is, and if there are people in that room with you then you're sharing each other's air. Consider measuring the CO2 levels in the air around you. Measurement Options


"In this world there are only two tragedies: getting what we want, and not getting it."

— Oscar Wilde