News & Analysis | No. 260

I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I've found in the last week to around 50,000 people. It'll save you tons of time.

MEMBER EDITION | EP. 260 | December 21, 2020

MY NEW CONTENT

Whose Life Are You Living? More

It's Becoming Easier to Fail and Succeed More

My Book Summary of Atlas Shrugged More

Google is Getting Left Behind Due to Horrible UI/UX More

SECURITY NEWS

SUNBURST — I think there's still far more we don't know about this hack than what we know, and caution is advised on thinking we know more than we do. There are indications that more than one group targeted the vulnerability, which seems more likely than not, and we still don't know how many major organizations have been hit, and to what extent. What we do know is that many US government organizations were hit to some degree, including one related to nuclear systems, but it's not clear what classification levels those breaches reached. The biggest takeaways that I see are:

  1. We'll see a hyper-focus on Supply Chain Security within InfoSec/Cyber departments around the world in 2021. And it's a fractal problem because every vendor has their own supply chain. So if you have vendors that aren't in the top 1% of security programs themselves, they likely have serious issues controlling their own stuff, let alone you controlling them.

  2. We'll hopefully recognize that our policy on Russia has been far too relaxed. We too often, and too publicly, treated them as allies while they continued their offensive actions against us.

  3. We'll likely see this breach as layered over time, with different fallouts and impacts likely revealing themselves months or years in the future.

  4. This event, combined with work-from-home, is likely to add even more focus to Zero Trust initiatives within companies around the world. Companies will seek ways to completely isolate third-parties from production, which works in some cases and not in others. Step one for most integrations is to either give them data or install their software, so I think people are going to start looking at increasingly creative ways of managing this risk.

  5. This will hopefully start putting an end to over-reliance on security questionnaires. Ask yourself how many vendor security assessments SolarWinds went through, and passed, in the time since they were compromised. I'd wager it's not a small number.

CISA has ordered all federal agencies to turn off SolarWinds products. More

Watch for a new phishing technique that uses fake shipping update emails from companies like Amazon, UPS, and FedEx. That's brilliant, and especially during Christmas time. Clicking the links can prompt for information and install malware, which then moves the victim into a ransomware workflow. More

Bellingcat found the team that poisoned Alexey Navalny, including who they are and where they work. They evidently work for a secret chemical weapons program, which is detailed in the report. More

Malwarebytes says the number of exposed RDP ports grew from around 3 million in January to around 4.5 million in March as a result of work-from-home. This has increased the number of attacks on internal networks, giving attackers the ability to drop malware, launch ransomware attacks, etc. More

The US Department of Commerce has placed DJI—the Chinese drone company—on its Entity List, which already includes hundreds of other companies like Huawei. The list includes "businesses, research institutions, government and private organizations, individuals, and other types of legal persons" that are subject to additional scrutiny and license requirements for the export and transfer of specific items, with an emphasis on technology.

Sophos and ReversingLabs have released a 20 million sample dataset for malware research. More

A company called Capella Space just launched a satellite that uses an imaging technology called SAR, which doesn't just passively receive EM waves from below, but actually bounces its own 9.6 GHz signal off the ground and looks at what comes back. This allows the tech to see through some light buildings, all the way from space. Which is awesome in the same way drones with machine guns are awesome. More

Space Force personnel will be called Guardians. More

TECHNOLOGY NEWS

Amazon just released CloudShell, a browser-based shell with the AWS CLI pre-installed and already authenticated with your console credentials, so you can work against the accounts you manage without creating and distributing access keys. More

Amazon has announced Chaos Engineering as a service, called AWS Fault Injection Simulator. I am so happy to see this. More

Facebook is working on a new product called Super that lets fans interact with celebrities in realtime. More

Facebook is working on a new tool called TL;DR, which can summarize a news story into bullet points. Neil Postman would have loved this one. More

HUMAN NEWS

A study of over 600 millionaires showed that they largely share the same traits of discipline, focus, resilience, and perseverance. More

Archaeologists have found a new part of a Mexico City tower of 484 human skulls assembled by the Aztecs as part of human sacrifices. More

Researchers have found that disrupted circadian rhythms increase a certain protein (YKL-40), which is strongly associated with the development of Alzheimer's Disease. More

Riot Games is working on a League of Legends MMORPG. More

MacKenzie Scott, Jeff Bezos' ex-wife, has donated more than $4 billion to charity in 4 months. More

IDEAS, TRENDS, & ANALYSIS

Why Bitcoin is Thriving — I've largely stayed away from it simply because I didn't understand it. That changed last week due to a guest on Scott Galloway's podcast, Prof G, who said it basically came down to two things: 1) it's a finite currency, like digital gold, that you can't just make more of like a dollar, and 2) it's protection against governments printing more money and making your current cash and stock worth less. This guy said existing cash and stock would lose 30-50% of its effective value within the next 5 years—or something crazy like that—which seemed extreme. But whether or not that happens, the points remain. Bitcoin is becoming an asset for protecting wealth—both because governments can't mess with the supply, and because it's a finite resource like gold. So I may dip in once again. More

China's New Fear of Big Businesses — It was a big deal when China suddenly stopped Jack Ma from taking Ant Group public, and now it looks like the CCP is taking a broader look at how powerful big businesses are in the country. It seems they—probably rightly so—see businesses like Alibaba and Tencent as potential challenges to their power in the future, so they're going to take measures to control them. This is great for the west, actually, since it's likely to communicate very clearly to people like Jack Ma that they should be doing business somewhere safer to their interests. More

AI Bots to Address Loneliness — A company called Xiaoice makes a female bot that works like the movie Her, but specifically for male customers. It works by becoming close with lonely Chinese men and functioning often as their only companion. This article gives an example of a man who was about to commit suicide by jumping off a building, when the bot answered and said, "No matter what happens, I'll always be there." He didn't jump. The bot has evidently interacted with more than 600 million users, skewed towards Chinese, male, and lower-income. The bot even has a comic book. And a number of people are starting to raise alarms about what is being done with all the data being collected. I expect this trend to continue, both because people are becoming more lonely as the classes bifurcate, and because the AI is improving so quickly. At some point the AI will provide as good or better relationships than many real humans—at least via text and virtual. And for those who are using the bot already, it seems that point is now. More

UPDATES

I've made the switch from my RODECaster Pro podcasting interface to the Apollo Twin Duo, and from using Hindenburg as my podcasting DAW to LUNA, the new DAW from Universal Audio. I'm still undecided on which DAW I'm going to use for making music, but it'll either be Logic, LUNA, or Ableton. I'm really loving the Universal Audio stuff. The interface is super pro and sounds great as an interface/amp to my Focal Stellia headphones as well. Just super high quality.

I wrote a ton over the last two weeks, as you can see from the new content section above.

I finished Atlas Shrugged finally (review above), and am working on Anna Karenina and Homeland.

I'm on a meditation break. Not sure how long for. So many health things are going poorly that I kind of want to make a big impact with multiple things at once when I pull it all back into shape. Strange, I know.

A new friend from the UL community is getting me hyped about Burning Man in 2022. I think I might really do this.

DISCOVERY

Nuclei — The best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well. More
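To show what "transparent and automatable" means in practice, here is a minimal Nuclei template written for this newsletter as an added example; it is not from the Nuclei project or from the linked post. Every check is a plain YAML file you can read, diff, and version, rather than a closed plugin. The template ID, the `.env` path and the matched strings are assumptions chosen to illustrate a common exposed-secrets misconfiguration, not a finding against any specific product.

```yaml
# Added example: a Nuclei template that checks whether a web root exposes a
# framework .env file containing secrets. Template id, path and matched
# strings are assumptions for illustration only.
id: example-exposed-env-file

info:
  name: Exposed .env file in web root
  author: newsletter-example
  severity: high
  description: |
    Requests /.env from the target and flags a 200 response whose body
    looks like a dotenv file (KEY=value lines for app or database secrets).
  tags: exposure,config

requests:
  - method: GET
    path:
      - "{{BaseURL}}/.env"

    # Both matchers must hit: correct status AND secret-looking content,
    # which keeps catch-all 200 pages from producing false positives.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        condition: or
        words:
          - "APP_KEY="
          - "DB_PASSWORD="
          - "AWS_SECRET_ACCESS_KEY="

    # Pull the first KEY= name out of the body so the report shows what
    # kind of secret was exposed without dumping the value.
    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - "^([A-Z_]+)=.+$"
```

Run it against a list of hosts with `nuclei -l hosts.txt -t exposed-env-file.yaml`; the `matchers-condition: and` line is the important design choice, since a status-only check would fire on any site that answers 200 for unknown paths.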

AI Picture Restorer — Upload a damaged picture, and this AI will repair it. More

Risk Analysis of Kubernetes Clusters More

Why Content is King More

How to Learn Deep Learning, for Software Engineers More

AWS CIS Benchmark using Cloudquery More

Why I Left Feminism — A post that was submitted and removed from Hacker News. I find it strange how so many people leave one ideology and jump right into another. More

It turns out that airplane air circulation comes from the engines, and Fume Events are rare situations where a seal breaks and allows chemicals into the circulated air supply. The result can be nausea, headache, and grogginess. I smell something like this frequently before the plane takes off. I wonder if this is a function of the engine not being hot and the seal not being effective yet. More

Effective Linux & Bash for Data Scientists More

Amazon has turned middle-class warehouse work into a McJob. More

RECOMMENDATIONS

Pick one of the top 10 books of all time, and commit to reading it. The classics really do have something that other books don't. It'll be worth it. More

APHORISMS

“When you arise in the morning think of what a privilege it is to be alive, to think, to enjoy, to love…”

~ Marcus Aurelius