Unsupervised Learning No. 243
News & Analysis
STANDARD EDITION | EP. 243 | August 24, 2020
Why InfoSec Creators Should Move to Direct Support Monetization More
How to Initiate Contact With a Mentor More
What They Don't Tell You About Being a Bounty Hunter or Content Creator More
Algorithmic vs. Faith-based Learning More
SECURITY NEWS
Facebook is threat modeling various scenarios where the current administration attempts to dispute or spread disinformation regarding the 2020 election results. They've even discussed a "kill switch" that can turn off all political ads on election day. More
Joe Sullivan, the former CISO of Uber, has been arrested for trying to cover up the 2016 data breach that exposed 57 million drivers' and customers' data. Regardless of the details of the case, I like what this sets as a precedent regarding the responsibility to report. More
California's DMV is selling data to 98,000 different groups, including private investigators, bail bondsmen, and insurance companies. It's one thing to have a privacy problem for voluntary services like Facebook and Google, but what do you do when the government forces you to surrender your data, which they then use to make a profit? More
The US Army says many North Korean hackers attack from outside North Korea. More
A naturalized US citizen who was born in Hong Kong and worked for the CIA and FBI was arrested Friday for selling secrets to China. The best part is how he got caught. The FBI impersonated his Chinese spy HR department, basically, and asked him what all he had done and what his goals were. He told them everything, including that he wanted "the Motherland to succeed". More
Soundarya Ramesh and her team have found a way to recreate a key by listening to it open a lock. And all you need is a smartphone recording. More Demo
Alexei Navalny, an outspoken Russian opposition leader, was poisoned on a flight and is now on a ventilator. It's remarkable to me that everyone knows Putin kills his political opponents using poison. It's common knowledge and the international community seems uninterested. More
An AI beat a human in an F-16 dogfight again. More
Vulnerabilities:
Breaches:
Ransomware:
Jack Daniels says they repelled a ransomware attack, but REvil has posted data they say they took from them. More
The University of Utah paid almost $500K in ransom to get back its student and employee data. More
Konica Minolta was hit in July, but they said it didn't affect their All Covered MSP. More
Disinformation:
Facebook has removed 790 QAnon groups. More
Companies:
Palantir's S-1 leaked last week and it reveals some truly strange numbers, including the fact that they've been in business for decades yet only have 125 customers. They also lost almost half a billion dollars in 2019, and almost a third of their revenue comes from its top 3 customers. More
Cobalt.io secured a $29 million Series B. Way to go, Caroline Wong and team!
SenseTime is China's largest facial recognition startup, and it got banned by Trump in 2019. But it's now thriving (projecting 80% revenue growth in 2020) due to sales to local governments in China for COVID monitoring. More
TECHNOLOGY NEWS
A company called Hour One has raised $5 million to use AI to generate synthetic characters from real humans. They can be programmed to say anything as that person. This is massive. This is basically the creation of people's digital avatars, and the actual manifestation of Deepfakes that everyone has been waiting for. More Demo
Tesla wants to use radar to detect kids inside hot cars. More
QR Codes are making a serious comeback amid COVID. More
A UC Berkeley student used GPT-3 to generate some blog posts, and one of them got to the front page of Hacker News because people thought it was 1) real, and 2) great. More
Oracle is now one of the companies trying to buy TikTok's US operations. More
Amazon is adding 3,500 tech and corporate jobs across 6 US cities. More
HUMAN NEWS
Finland showed the results of a 2-year basic income experiment, and unemployed people who received the guaranteed income reported being happier and actually worked more days per year than those who did not. More
Japan's GDP fell by almost 8% in Q2. More
IDEAS, TRENDS, & ANALYSIS
How China Surveils the World — A brilliant interview-style discussion of how China sees big data and what they're doing with it. Read this and then remember that they have Equifax data, OPM data, Marriott data, and countless other similar datasets. They're playing the long game here of deeply knowing targets, even if they won't actually be targets for decades to come (see TikTok). More
I had a particularly nasty idea for a ransomware tactic: present your findings as a bounty report, where you're asking for payment for the legitimate issue you've discovered. In other words, don't use any "compromise" language so that the leadership of the company can plausibly deny that anything bad happened. Then, if that doesn't work, they switch to the normal language of, "We've got your stuff. Pay us." This is such a good idea I can guarantee lots of groups are doing it already.
The TikTok Ban is Overdue More
Thinking of yourself as a separate entity (like inside and outside of work) can reduce anxiety and improve your confidence and determination. More
Blockchain, the Amazing Solution for Almost Nothing More
UPDATES
Here's the DEFCON video of my talk, Mechanizing the Methodology, including a link to the slides. More
The length of the show has been growing again. Not only have I had many stories lately, but some of the comments have been fairly long-form, i.e., large paragraphs as opposed to 1-3 sentences. I think I'm going to try to adjust that back a little so the show remains easy to get through, and highly curated. Especially in the newsletter form. I mean, it's already curated from thousands of articles to a few dozen, but I think I can do better. My main thing is I don't want to feel like I'm giving someone a ton of work when they read the newsletter. Please reply with your preference if you feel strongly about this in either direction.
I really want to create a list of every book I've read that gets auto-updated using Amazon Kindle/Goodreads. It looks like this will be the path. I might outsource it just to save time, or I might just do it myself in Python 3 this week. API
DISCOVERY
There's a new coffee brewer called the Ratio Eight. I kind of want one, but I already have like 9 ways to make coffee, and it's like $500. It's an intelligent Chemex machine, basically. Intriguing. I'm very happy they're out of stock right now. More
@hakluke posted a great tutorial on OWASP Amass. More
Log and Time Series data are not the same. More
Kapow — Turn a shell command into an API. Cool! Also, yikes. More
Intel Owl — Threat Intelligence on a file, IP, or domain. More
SpaceSiren — A honey token manager and alert system for AWS. More
MITRE Shield — A mapping for ATT&CK to defenses. More
Draw — A collaborative whiteboard. More
A really nice collection of online tools for various tasks. More
RECOMMENDATIONS
I really enjoyed this podcast series by Kevin Roose, called Rabbit Hole. It's all about the effect of the internet on people. Specifically, how it can pull people in increasingly extreme directions via algorithmic recommendations. It covers PewDiePie, QAnon, and other major events in internet history. More
APHORISMS
“The tyranny of a prince in an oligarchy is not so dangerous to the public welfare as the apathy of a citizen in a democracy.”
~ Charles de Montesquieu