Unsupervised Learning: No. 70

This week’s topics: Russians at it again, Microsoft and Adobe updates, PoS breaches, US-CERT throws TLS shade, epilepsy tweet stalking, Tesla’s billion, lip-reading AI, autonomous BMWs, Fiber Lasers, taxing robots, Green Zones and Red Zones, AI disruption of healthcare, discovery, recommendations, and aphorisms, and more…

This is Episode No. 70 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.

The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.

The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can view and subscribe to or read below.

Infosec news

Two Russian FSB officers and two criminal hackers have been indicted in the US for collaborating on the 2014 Yahoo! breach. This isn't the 2013 Yahoo! hack of a billion accounts. Or the other one. This is the 2014 one.
Adobe and Microsoft both pushed out significant patches last week: Adobe fixed a batch of Flash issues and Microsoft shipped 18 update bundles.
Over a million cracked (plaintext) Gmail and Yahoo! passwords are up for sale.
Brian Krebs is reporting another PoS breach, this time at a restaurant chain called Select Restaurants. His analysis is that the hospitality and restaurant industries are massively owned, and that this is especially true for smaller chains that have no direct relationship with the banks whose cards are being run through their PoS systems.
In a regular yearly tradition, the Pwn2Own contest at CanSecWest in Vancouver produced working exploits against Safari, macOS, Microsoft Edge, Adobe Flash and Reader, Firefox, and more, and one team escaped a VMware virtual machine.
US-CERT has thrown some shade at HTTPS interception appliances and services like Cloudflare, warning that a middlebox that terminates TLS weakens it: the client can no longer validate the real server's certificate itself, and the box may negotiate weaker cipher suites or skip certificate validation entirely on its upstream connection. If you run such a device, test the upstream side as carefully as the client-facing side.
33 million US employee records have leaked. The data came from a Dun & Bradstreet marketing database, and the records are now searchable in Have I Been Pwned.
GitHub awarded an $18,000 bounty to a researcher who found an RCE issue in GitHub Enterprise.
Ubiquiti has a critical command injection vulnerability in the admin interfaces of more than 40 of its products. The researchers reported the issue(s) to the vendor through its HackerOne bounty program, but went public after receiving an unsatisfactory response.
A Secret Service laptop, security lapel pins, and a radio were stolen from a Secret Service vehicle in New York City. Some of the items have reportedly been recovered, but it's not clear which. The incident is yet another entry in the book of recent embarrassments for the agency.
Researchers have used sound waves to spoof the readings of common MEMS accelerometers.
A new Shamoon-style wiper called StoneDrill has been found on a European petroleum company's systems. Shamoon became notorious back in 2012 for wiping disks at Saudi Aramco, and the new strain wipes just as thoroughly while adding more advanced evasion and anti-analysis functionality.
38 Android devices were found with malware that had been pre-installed somewhere along the supply chain.
WhatsApp and Telegram had flaws that could lead to account compromise. The issue was improper handling of malicious image files in the web versions of the applications; both vendors have since patched their web clients.
A man has been arrested for cyberstalking after sending a flashing tweet to a journalist who has epilepsy.
Trump has put $1.5 billion in the new budget for cybersecurity and critical infrastructure.

Technology news

Tesla is raising over $1 billion to offset the risk of the Model 3 bet.
Uber president Jeff Jones has quit amid turmoil at the company.
Oxford scientists, in cooperation with Google's DeepMind division, say they've created an AI that can lip-read better than humans.
Microsoft is putting ads all throughout Windows 10, including in the File Explorer window.
BMW is shooting for a level 5 autonomous car by 2021.
Netflix is dropping its five-star ratings for a thumbs up or thumbs down. Basically, nobody ever uses 2-4 stars; it's always 5 or 1.
Tesla's massive batteries are being used to power everything from breweries to small islands.
The U.S. Army gets the first 60kW beam-combined fiber laser weapon. I'm excited and scared at the same time. Mostly excited though.
WePay now supports Apple Pay and Android Pay.
Intel has purchased Mobileye for $15.3 billion. Their technology does computer vision for autonomous driving.
Everyone is spinning up for 5G. "Nothing will be mobile because everything will be mobile."
Sony is working on mobile-to-mobile wireless charging technology.
Nintendo is doubling production of its wildly popular Switch console.
Microsoft's Slack rival, Teams, is now open to all Office 365 users.

Human news

Numerous and sustained studies of "learning styles" have failed to find scientific support for the concept.
Police have obtained a judge's warrant ordering Google to turn over the identities of everyone in an entire city who searched for a given phrase, in order to help solve a fraud case.
Tim Cook says globalization is in general great for the world. After reading Naked Economics by Charles Wheelan, I too agree.
Bill Gates wants to tax robots.

Ideas

Failure, and How to Help People Avoid It
Green Zone, Red Zone
AI is about to massively change healthcare. Basically, you give more and more of your data, and the system tells you when you're sick, and exactly what to do to optimize outcomes. And it'll do this way better than human doctors. It'll basically be using the power of the entire human dataset each time it looks at you.

Discovery

The 6 levels (0-5) of autonomous car autonomy.
A list of the crazy cool projects that DARPA is currently working on.
Principles of Covert Action.
Five myths about obesity in America.
Analysis of Docker image vulnerabilities.
Glitch: a collaborative community for building applications, bots, or webpages.

Notes

Brian Roemmele, a prominent technologist focused on the voice-first revolution, tweeted out my book last week, and it generated a solid amount of interest. If you haven't read the book, or you've read it but not reviewed it, please take the time!
I'm speaking at HouSecCon this week with Jason Haddix on our Game Security Framework. The session will be recorded and we'll share it when it becomes available.
I've finished Sapiens and have started on Homo Deus. And, yes, Homo Deus is about humans becoming gods, like I said originally. Deus is Latin for god. Someone sent me a correction, which turned out to be wrong. Derp on my part.
I really wish Apple Watch had a round form factor instead of square. I get that the iPhone is rectangular, and that this is the shape of all their widgets, but high-end watch faces are mostly round. I'd give anything for an Apple Watch face that looked like a NOMOS TANGOMAT DATUM. The bad news for the watch industry is that I'm basically just going to wait for smartwatches to reach this level of craftsmanship. I can't see myself going back.
The OSINT primer is still coming along. Being onsite with customers and other projects have extended the timeline a bit. But it's coming.
I'm working to get some new wordlists (payloads and usernames/passwords) incorporated into SecLists. I've reached out to the creators of the various GitHub projects and they were happy to be incorporated. Will integrate as time allows.

Recommendations

When you patronize hotels and restaurants (especially the smaller ones), expect the chance of PoS malware to be far higher. Use a credit card rather than a debit card, and maybe don't use your favorite one. Consider designating a throw-away card that you use for higher-risk transactions, and that you don't mind having replaced frequently.

Aphorism

"People don't seem to realize that their opinion of the world is also a confession of character." ~ Ralph Waldo Emerson

Thank you for listening, and if you enjoy the show please share it with a friend or on social media.
