This week’s topics: My recap of RSA 2017, Google’s zero-trust implementation, Trump domain hacked, robots doing your taxes, the IoT Security train analogy, the future of authentication, toolswatch best tools of 2016, and more…
This is Episode No. 66 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.
The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.
The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can view and subscribe to or read below.
Infosec news My RSA 2017 Recap LinkYahoo! is sending out another round of notifications to users saying there was an issue last year where attackers could create backdoor cookies using internally created software. This creates more questions than answers for me. LinkA U.S. company's toy called My Friend Cayla is a doll that can be controlled via speech recognition and over the internet via an app. Germany has classified the doll as an illegal espionage apparatus and have demanded that German stores stop selling it. The fallout from Snowden continues. LinkThere's a new piece of Mac malware that's supposedly linked to the APT28 group that is said to have been associated with election related hacking last year. LinkGoogle shared their zero-trust network security implementation at RSA last week. Lots of companies talk about this, but they're actually doing it. And it's taken six years to get where they are. LinkIBM researcher Charles Henderson can still follow his car everywhere, even though he solid it a long time ago. LinkResearchers are warning that voice authentication is not good enough, and that it must be combined with other authentication types. I 100% agree. LinkDutch researchers have found a way to undermine ASLR protection, which could make it much easier to create working exploits. LinkTechnology news A subdomain belonging to Donald Trump was hacked by someone who left a pro-Iraqi message. Secure2.donaldjtrump.com was evidently compromised through a DNS configuration flaw. LinkApple has purchased an Israeli company called RealFace that specializes in facial recognition. I hope they don't go to this exclusively, as I think it's going to be a lot more error-prone than TouchID. LinkGoogle Fiber is shrinking massively as it prepares for new connectivity deployments to be mostly wireless. LinkThe cost of manufacturing carbon fiber has fallen massively, and the price to consumers is about to follow. LinkHuman news Robots will soon do your taxes. Those jobs are just about gone. LinkBill Gates is quite worried about bioterror. LinkWe don't understand consciousness, and we don't understand quantum physics. Some researchers are starting to ask if that's more than a coincidence. Link26% of American adults haven't read a book in the past year. I suspect the problem is far worse than that. LinkThe extreme nerdiness of hand-drawn infographics. LinkIdeasIoT Security's Train Analogy LinkViolence and Terror Are Not the Same LinkMy article from 2015 on the Future of Authentication LinkWith Machine Learning, Batteries Are Often Not Included LinkDiscoveryThe ToolsWatch best security tools of 2016. LinkAn unbelievably great deck by Momentum Partners on big moves in the InfoSec space. Link DataSploit: Performs various OSINT techniques and organizes results visually and into usable data. LinkA great presentation on starting in IoT hacking. Uses the IOT Security Project that I lead. LinkCombining OpenCanary and DShield. LinkNotesHere are the slides from my RSA talk on securing Medical Devices using Adaptive Testing methodologies. LinkHere are the slides from my IOAsis talk on implementing Honeytokens throughout the stack without a budget. LinkI'm going through the RSA 2017 vendor list and condensing each interesting technology company into a single sentence. I need someone to pick an alphabet letter and help me clear out the list. I'm currently in the D's (lol). If you want to volunteer for a letter, ping me at [email protected]. LinkI'm about halfway done with the Hamilton biography, and I've just purchased the Federalist Papers as well, which I'll read next. LinkRecommendationsEnsure that your backup strategy is resistant to malware. In other words, if ransomware malware can get to your backups, then you might as well not have any backups.Aphorism"By doing just a little every day, you can gradually let the task completely overwhelm you." ~ Unknown
Thank you for listening, and if you enjoy the show please share it with a friend or on social media.
No related posts.