Unsupervised Learning Newsletter NO. 350

News & Analysis


The Pentagon has ordered a review of US Information Warfare operations being conducted via social media platforms. Twitter and Meta both identified networks of fake accounts connected to the US Military, and the DoD is asking all branches of the military to fully report their Information Warfare ops by next month. Some examples included the use of AI-generated faces and posing as fake media organizations. MORE

A leak of around 160,000 files from Russia's internet regulation agency has revealed its extensive censorship and targeting of dissidents. It highlights the campaign to identify protest sentiments and de-anonymize and surveil prominent critics. The docs were leaked in March, and the New York Times built software to index and search the documents, spreadsheets, videos, and presentations for individuals and topics of interest. NYTIMES | RUSSIAN BLOCKLIST

Researchers have figured out how to read people's screens during Zoom/Meet/WebEx calls by reading the reflections in participants' glasses. They can evidently read text as small as 10mm with 75% accuracy with just a 720p webcam. MORE | READ THE PAPER


 🔭 JupiterOne: Know What You're Defending

Perhaps the biggest problem in cybersecurity today is that companies don't have a good understanding of what they're defending. Too many organizations don't have basic lists of their assets, and even more have many disjointed lists that aren't unified into a single system.

JupiterOne solves this Step0 problem by collecting everything you own into a single system of record that includes DNS, cloud infrastructure, things listening on your perimeter, traditional servers and networks, endpoints, SaaS applications, and many more.

Finally, it links these together using graph-based technologies that allow you to ask complex Attack Surface Questions, like "Show me all VMware-based systems owned by Marketing that are associated with our crown jewels and that have something facing the internet."

NSA and CISA have issued guidance on how to secure OT and ICS infrastructure. Best practices include limiting exposure of system data, identifying remote access points, restricting tools and scripts, conducting regular security audits, and implementing a dynamic network environment. MORE | READ THE ADVISORY

San Francisco police can now access the private security cameras belonging to residents as part of "significant events with public safety concerns". Perhaps I should be more alarmed, but this is only possible with the permission of the camera owner. It's not like they're compelling people to grant access. Effectively it's granting police more eyes in the city, and doing so with the explicit help of citizens seems like a best-case scenario. MORE

A CIA doctor sent to Cuba to investigate Havana Syndrome now has the disease himself. "Because officials at the time suspected some kind of sonic attack, Andrews went into the bathroom and sat with headphones on for 45 minutes. The symptoms didn’t abate, and by 6 a.m., he had decided to pack up and leave the room." MORE

Okta says credential stuffing accounts for 34% of all login attempts. MORE


  • Australian telco Optus is dealing with a large breach of customer data, up to millions of accounts. MORE | ADVISORY

  • 2K Games got hacked via its help desk platform, and the attackers created fake help desk tickets with embedded malicious links to attack customers. MORE


  • Lit Protocol raises $13 million to improve Web3 autonomy and interoperability. MORE

  • Immunefi raises $24 million to do bug bounty for Web3. It's not immediately clear to me, however, why a separate platform would be needed for bugs on a new attack surface. MORE


Meta is looking to reduce costs by at least 10%, which will come from staff reductions and other cuts. The changes involve cutting positions, reorganizing departments, and otherwise shaking things up to revitalize people working there. Google is doing something similar by having people apply for new jobs internally. MORE

OpenAI released and open-sourced a multilingual speech recognition tool called Whisper. It enables "robust" transcription in multiple languages, as well as translation from those languages into English. MORE

There's a project called Shasta that does podcast production using Adobe's AI-based speech editing tools. This is really impressive, but I can't wait until you can take your own voice as a reader and provide your own text. I'm sure that's already possible using their tools, but it's probably not available for obvious reasons. MORE | DEMO VIDEO

Apple is starting to make the iPhone 14 in India. They're looking at 5% of production in India by late 2022, and 25% by 2025. Happy to hear it. The faster everyone can get out of China the better. MORE

Nvidia is releasing its new RTX 4090 graphics card in October. The 4090 will be 2-4 times faster than the 3090 and will cost $1,599. The 4080 will be $899 and will come out in November. And as a bonus, crypto has crashed so you should actually be able to buy these things. MORE | MORE

Spotify is now selling audiobooks. Not sure how they could pull me away from Amazon/Audible, but I'm happy they're going to try. Books will show up next to music and podcasts in its primary app. MORE

You can now edit human faces with DALL-E. OpenAI originally disallowed this due to concerns of misuse, but they put protections in place to mitigate that risk. MORE | TRY IT OUT


Iran is experiencing significant unrest as the government tries to control human rights protests, and they've started restricting access to Facebook, WhatsApp, and other social media as part of their strategy. UL stands with the people—and especially the women—of Iran. 🇮🇷 MORE | MORE

US solar energy prices have dropped over 75% since 2010 and over half the generating capacity in the US was installed in 2021. Overall the US added over 12.5 gigawatts, bringing the US total to over 50 gigawatts. MORE

The US's NTSB is recommending that all new vehicles sold in the US be fitted with a blood alcohol monitoring system to stop people from driving while intoxicated. Around 12,000 people died in alcohol-related crashes in 2020, which was around 30% of US traffic deaths. MORE

Sweden just voted in a right-wing government, likely due to a massive rise in immigrant violence in recent years. There have been over 500 bombings in the country since 2018, with most being attributed to gang conflicts. Italy just nominated their first female prime minister, and she's right-wing as well. NYTIMES | ANALYSIS BY PAULINA NEUDING


✍️ 5 Things I'm Still Waiting for With the iPhone, Apple Watch, and Airpods
The things I think are still missing from Apple's top, "almost there" personal products. READ 

💡 Trapping Employees With Training Paybacks
There's a tactic that companies use to trap employees in jobs they would otherwise quit. It's called a Training Repayment Agreement Provision (TRAP), although I'm not sure that's an official name because, um, why would you name it that? Anyway, this reminds me of check-cashing scams and similar shenanigans. It's legal because business owners who profit from it know the right lawmakers and lobbyists. Eerily similar to indentured servitude, and super gross. MORE


It was great seeing everyone at bookclub yesterday. And I want to thank the UL community for being so beautifully kind about my recent loss. You all are truly special. Thank you.💜

Pretty big announcement today: I'm now officially transitioning to working for myself doing Unsupervised Learning! That's not just the show, but the umbrella property for my security consulting, the products I'm building, and various other endeavors. Will be sharing a lot more soon and if your company needs any help building their security program, or reprioritizing efforts given budget constraints, do let me know. I'll be helping my current team at work transition until October 31st, and will be 100% dedicated to UL thereafter. REACH OUT 

I am sitting on a treasure of plans to share with you all, and 7 pretty exciting pieces of content, and a list of 9 books I've read in the last 45 days. So much more to come in future episodes.

If you thought UL was good before, just know it's been at a 4 to a 6 on my scale. It's now time to take it to 14.


🛠️ varc | FORENSICS | (97⭐️)
varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident. It creates a zip file, which contains a number of different pieces of data to understand what is happening on a system. TOOL | by CADO SECURITY

📝 How to Secure Against Forced Browsing | RECON
Eliminate an entire vulnerability class from your web server in less than an hour. ARTICLE | by JOSEPH THACKER | FOLLOW HIM ON TWITTER

🔭 [Sponsor] JupiterOne: Know What You're Defending — Consolidate everything you're defending into a single, graph-based system of record that allows you to ask complex Attack Surface Questions. START YOUR FREE ACCOUNT

Fierce Nerds — An essay by Paul Graham. MORE

Neal Stephenson didn't just invent the word "Metaverse". He also has a Metaverse startup, called Lamina1, and they just released a paper on how to build it. MORE

"Can't keep paying $120,000/y for ~1,000 active users on Slack when Discord is free." This is a problem for the UL community as well. We are exploring our options because it's so incredibly expensive to have a paid Slack plan. MORE

The CIA has a new podcast called The Langley Files. MORE

What I've Learned From Users — Another essay by Paul Graham. MORE

The Creator Economy Power Law MORE

Someone built a database of successful companies. MORE

"I love to be alone, but this loneliness is killing me." MORE

An argument that there's no such thing as a "Software Supply Chain" because money doesn't change hands during an npm install. MORE

Hacker Cats — A collection of AI-generated Hacker Cats COLLECTION | by JOSEPH THACKER | FOLLOW HIM ON TWITTER


Ask yourself a question, and be super honest.

"What would you do if you weren't afraid?"


"Everything you want is on the other side of fear."

Jack Canfield