Daniel Miessler

Unsupervised Learning: No. 66

February 21, 2017
#ai #reading #business #culture #cybersecurity #ethics #future #innovation #meaning #society #technology

This week’s topics: My recap of RSA 2017, Google’s zero-trust implementation, Trump domain hacked, robots doing your taxes, the IoT Security train analogy, the future of authentication, toolswatch best tools of 2016, and more…

 

This is Episode No. 66 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.

The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.

 

The show is released as a Podcast on iTunes >, Overcast >, Android >, or RSS >—and as a Newsletter which you can view and subscribe to or read below.

 

Infosec news  My RSA 2017 Recap Link >Yahoo! is sending out another round of notifications to users saying there was an issue last year where attackers could create backdoor cookies using internally created software. This creates more questions than answers for me. Link >A U.S. company's toy called My Friend Cayla is a doll that can be controlled via speech recognition and over the internet via an app. Germany has classified the doll as an illegal espionage apparatus and have demanded that German stores stop selling it. The fallout from Snowden continues. Link >There's a new piece of Mac malware that's supposedly linked to the APT28 group that is said to have been associated with election related hacking last year. Link >Google shared their zero-trust network security implementation at RSA last week. Lots of companies talk about this, but they're actually doing it. And it's taken six years to get where they are. Link >IBM researcher Charles Henderson can still follow his car everywhere, even though he solid it a long time ago. Link >Researchers are warning that voice authentication is not good enough, and that it must be combined with other authentication types. I 100% agree. Link >Dutch researchers have found a way to undermine ASLR protection, which could make it much easier to create working exploits. Link >Technology news  A subdomain belonging to Donald Trump was hacked by someone who left a pro-Iraqi message. Secure2.donaldjtrump.com was evidently compromised through a DNS configuration flaw. Link >Apple has purchased an Israeli company called RealFace that specializes in facial recognition. I hope they don't go to this exclusively, as I think it's going to be a lot more error-prone than TouchID. Link >Google Fiber is shrinking massively as it prepares for new connectivity deployments to be mostly wireless. Link >The cost of manufacturing carbon fiber has fallen massively, and the price to consumers is about to follow. Link >Human news  Robots will soon do your taxes. Those jobs are just about gone. Link >Bill Gates is quite worried about bioterror. Link >We don't understand consciousness, and we don't understand quantum physics. Some researchers are starting to ask if that's more than a coincidence. Link >26% of American adults haven't read a book in the past year. I suspect the problem is far worse than that. Link >The extreme nerdiness of hand-drawn infographics. Link >IdeasIoT Security's Train Analogy Link >Violence and Terror Are Not the Same Link >My article from 2015 on the Future of Authentication Link >With Machine Learning, Batteries Are Often Not Included Link >DiscoveryThe ToolsWatch best security tools of 2016. Link >An unbelievably great deck by Momentum Partners on big moves in the InfoSec space. Link DataSploit: Performs various OSINT techniques and organizes results visually and into usable data. Link >A great presentation on starting in IoT hacking. Uses the IOT Security Project that I lead. Link >Combining OpenCanary and DShield. Link >NotesHere are the slides from my RSA talk on securing Medical Devices using Adaptive Testing methodologies. Link >Here are the slides from my IOAsis talk on implementing Honeytokens throughout the stack without a budget. Link >I'm going through the RSA 2017 vendor list and condensing each interesting technology company into a single sentence. I need someone to pick an alphabet letter and help me clear out the list. I'm currently in the D's (lol). If you want to volunteer for a letter, ping me at danel@danielmiessler.com. Link >I'm about halfway done with the Hamilton biography, and I've just purchased the Federalist Papers as well, which I'll read next. LinkRecommendationsEnsure that your backup strategy is resistant to malware. In other words, if ransomware malware can get to your backups, then you might as well not have any backups.Aphorism"By doing just a little every day, you can gradually let the task completely overwhelm you." ~ Unknown 

 

Thank you for listening, and if you enjoy the show please share it with a friend or on social media.

danielsignature

No related posts.

Thank you for reading...
Subscribe On YouTube Follow On LinkedIn
HOME·BLOG·ARCHIVES·ABOUT