InfoSec Creator Monetization, Initiating Contact with a Mentor, The Dark Side of Bounty/Creator Life, Facebook Election Threat Scenarios, Uber CSO Charged, Spy HR Review Goes Bad, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
MY ESSAYS
Why InfoSec Creators Should Move to Direct Support Monetization More
How to Initiate Contact With a Mentor More
What They Don’t Tell You About Being a Bounty Hunter or Content Creator More
Algorithmic vs. Faith-based Learning More

SECURITY NEWS
Facebook is threat modeling various scenarios in which the current administration disputes, or spreads disinformation about, the 2020 election results. They’ve even discussed a “kill switch” that would turn off all political ads on election day. More
Joe Sullivan, the former CSO of Uber, has been charged with obstruction of justice and misprision of a felony for allegedly covering up the 2016 data breach that exposed the data of 57 million drivers and customers. Regardless of the details of the case, I like the precedent this sets regarding the responsibility to report. More
California’s DMV is selling data to 98,000 different groups, including private investigators, bail bondsmen, and insurance companies. It’s one thing to have a privacy problem with voluntary services like Facebook and Google, but what do you do when the government forces you to surrender your data, which it then uses to make a profit? More
The US Army says many North Korean hackers operate from outside North Korea. More
A naturalized US citizen, born in Hong Kong, who had worked for both the CIA and the FBI, was arrested Friday for selling secrets to China. The best part is how he got caught: the FBI impersonated his Chinese spy HR department, basically, and asked him what all he had done and what his goals were. He told them everything, including that he wanted “the Motherland to succeed”. More
Soundarya Ramesh and her team have found a way to recreate a key by listening to it open a lock, and all you need is a smartphone recording. More Demo
Alexei Navalny, an outspoken Russian opposition leader, was poisoned on a flight and is now on a ventilator. It’s remarkable to me that everyone knows Putin kills his political opponents with poison. It’s common knowledge, and the international community seems uninterested. More
An AI beat a human pilot in a simulated F-16 dogfight again. More
Vulnerabilities:
Breaches:
Ransomware:
Jack Daniel’s (Brown-Forman) says it repelled a ransomware attack, but REvil has posted data it says it took from the company. More
The University of Utah paid almost $500K in ransom to get back its student and employee data. More
Konica Minolta was hit in July, but the company said the attack didn’t affect its All Covered MSP business. More
Disinformation:
Facebook has removed 790 QAnon groups. More
Companies:
Palantir’s S-1 leaked last week, and it reveals some truly strange numbers, including the fact that they’ve been in business for nearly two decades yet have only 125 customers. They also lost nearly $580 million in 2019, and almost a third of their revenue comes from their top 3 customers. More
Cobalt.io secured a $29 million Series B. Way to go, Caroline Wong and team!
SenseTime is China’s largest facial recognition startup, and it was placed on the US Entity List by the Trump administration in 2019. But it’s now thriving (projecting 80% revenue growth in 2020) thanks to sales to local governments in China for COVID monitoring. More
TECHNOLOGY NEWS
A company called Hour One has raised $5 million to use AI to generate synthetic characters from real humans. They can be programmed to say anything as that person. This is massive. This is basically the creation of people’s digital avatars, and the actual manifestation of Deepfakes that everyone has been waiting for. More Demo
Tesla wants to use radar to detect kids left inside hot cars. More
QR Codes are making a serious comeback amid COVID. More
A UC Berkeley student used GPT-3 to generate some blog posts, and one of them got to the front page of Hacker News because people thought it was 1) real, and 2) great. More
Oracle is now one of the companies trying to buy TikTok’s US operations. More
Amazon is adding 3,500 tech and corporate jobs across 6 US cities. More

HUMAN NEWS
Finland released the results of a 2-year basic income experiment: unemployed people who received the guaranteed income reported being happier and actually worked more days per year than those who did not. More
Japan’s GDP fell by almost 8% in Q2. More

IDEAS, TRENDS, & ANALYSIS
How China Surveils the World — A brilliant interview-style discussion of how China sees big data and what they’re doing with it. Read this and then remember that they have Equifax data, OPM data, Marriott data, and countless other similar datasets. They’re playing the long game here of deeply knowing targets, even if those people won’t actually be targets for decades to come (see TikTok). More
I had a particularly nasty idea for a ransomware tactic: present your findings as a bounty report, asking for payment for the legitimate issue you’ve discovered. In other words, don’t use any “compromise” language, so that the company’s leadership can plausibly deny that anything bad happened. Then, if that doesn’t work, switch to the normal language of, “We’ve got your stuff. Pay us.” This is such a good idea that I can guarantee lots of groups are doing it already.
The TikTok Ban is Overdue More
Thinking of yourself as a separate entity (like inside and outside of work) can reduce anxiety and improve your confidence and determination. More
Blockchain, the Amazing Solution for Almost Nothing More

UPDATES
Here’s the DEF CON video of my talk, Mechanizing the Methodology, including a link to the slides. More
The length of the show has been growing again. Not only have I had many stories lately, but some of the comments have been fairly long-form, i.e., large paragraphs as opposed to 1-3 sentences. I think I’m going to try to adjust that back a little so the show remains easy to get through, and highly curated, especially in the newsletter form. I mean, it’s already curated from thousands of articles down to a few dozen, but I think I can do better. My main thing is I don’t want to feel like I’m giving someone a ton of work when they read the newsletter. Please reply with your preference if you feel strongly about this in either direction.
I really want to create a list of every book I’ve read that gets auto-updated using Amazon Kindle/Goodreads. It looks like this API will be the path. I might outsource it just to save time, or I might just do it myself in Python 3 this week. API

DISCOVERY
There’s a new coffee brewer called the Ratio Eight. I kind of want one, but I already have like 9 ways to make coffee, and it’s like $500. It’s an intelligent Chemex machine, basically. Intriguing. I’m very happy they’re out of stock right now. More
@hakluke posted a great tutorial on OWASP Amass. More
Log and Time Series data are not the same. More
Kapow — Turn a shell command into an API. Cool! Also, yikes. More
Intel Owl — Threat Intelligence on a file, IP, or domain. More
SpaceSiren — A honey token manager and alert system for AWS. More
MITRE Shield — A mapping of ATT&CK techniques to defenses. More
Draw — A collaborative whiteboard. More
A really nice collection of online tools for various tasks. More

RECOMMENDATIONS
I really enjoyed this podcast series by Kevin Roose, called Rabbit Hole. It’s all about the effect of the internet on people, specifically how it can pull people in increasingly extreme directions via algorithmic recommendations. It covers PewDiePie, QAnon, and other major events in internet history. More

APHORISMS
“The tyranny of a prince in an oligarchy is not so dangerous to the public welfare as the apathy of a citizen in a democracy.”
~ Charles de Montesquieu