
Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition | Ep. 281 | May 17, 2021
SECURITY NEWS

Darkside, the ransomware group that ransomed Colonial, has largely gone dark after its servers and Bitcoin were seized. Its blog, payments collection site, and its CDN have gone offline. The most interesting thing to me about this story is that the attack appears to have been somewhat accidental, and the attack was actually on the company’s IT systems and not their OT systems. But it turns out that if your IT systems don’t work you can’t do things like “operate your business”, so it ends up hurting almost as much as an OT attack anyway.

Biden signed an executive order on cybersecurity, with three top highlights: 1) multifactor authentication for all federal agencies within 6 months, 2) breach disclosure requirements based on the severity of the incident, and 3) a star rating system for the security of software sold to the government.

Verizon DBIR 2021: The primary trends in this year’s DBIR report were web application attacks, ransomware, and credential stuffing. 85% of breaches involved a human element. Ransomware doubled to 10% of breaches. And external cloud assets were compromised more often than on-prem assets.

A security researcher has found a collection of major vulnerabilities in WiFi that affect most products in use today. Practical attacks don’t appear trivial to carry out yet, but that could change as the bugs are better understood and people have time to build tooling. Patches have started to come out from some vendors, but it will take time because the bugs affect so many products spanning multiple decades.

Microsoft has released a free tool called Counterfit for testing AI-based security systems. It automates the launching of different types of attacks to see how AI-based systems respond, and Microsoft partnered with MITRE to release an ATT&CK-style Adversarial ML Threat Matrix.

OpenSSH 8.2 now works extremely well with U2F/FIDO2 security keys, meaning you can easily create a hardware-backed keypair using ssh-keygen -t ecdsa-sk and have things work without elaborate hacks to your SSH configs.

Insurer AXA recently decided to stop covering ransomware payments, and they are now dealing with a ransomware attack of their own. A ransomware group called Avaddon says they’ve stolen 3TB of data from AXA’s Asian operations.

The Pentagon is thinking about shutting down the JEDI cloud project due to all the legal drama around who it was awarded to. Amazon has been fighting the decision ever since the contract was awarded to Microsoft.

The DHS is now monitoring public social media posts for signs of extremist beliefs and behaviors in an attempt to prevent situations like January 6, 2020. They appear to be focusing less on finding people and more on specific themes, narratives, and related plots.

Vizio makes nearly as much from selling your data and selling ads as it does from selling the actual hardware. This is yet another example of where ‘cheap’ often equates to ‘subsidized by selling your data’.

A report from the Center for Countering Digital Hate says only 12 people are responsible for 65% of COVID-related misinformation being shared online.

Cloudflare is looking to replace CAPTCHAs with physical security keys. It’s a cool idea, but it requires that websites adopt it.

Arlington Research says 85% of customers running Microsoft 365 have suffered email data breaches.

Brian Krebs says adding Russian or Ukrainian as a virtual keyboard language will stop a lot of malware.

Vulnerabilities:

TECHNOLOGY NEWS

GPT-Neo is a new, free version of GPT-3. The biggest difference between GPT-3, which is not free, and GPT-Neo is that GPT-3 has much larger models. GPT-Neo has 2.7 billion parameters while GPT-3 goes up to 175 billion.

STADIA, Google’s video gaming service, looks to already be in major trouble. Google seems completely unable to make a cohesively good product anymore (functionality + usability). I don’t understand how their product people are allowed to constantly fail, for like a decade, without anyone catching on that there’s a problem. Someone said they’ve become the Oracle of the tech world, and I am starting to agree.

Esports seems to be moving away from teams and leagues and towards influencers and streaming. A big reason for this is that the athletes themselves were prohibited from promoting themselves over their teams, which wasn’t sustainable. I think the more sustainable model is individual first—connected through looser and more temporary affiliations.

Companies

HUMAN NEWS

Top industry experts are now saying that the lab leak theory of how COVID initially spread is not conspiracy thinking, and that it needs to be taken seriously. This is something we’ve talked about here at Unsupervised Learning multiple times. Basically there were legitimate political sensitivities around being anti-China that were stopping this from being explored, but the fact is that this exact type of research has been going on for a very long time, and similar leaks have happened multiple times both in the US and in Asia. So it’s quite possible that it simply happened again in the case of COVID-19.

Consumer prices (see inflation) rose the most since 2009 in April, and it caused a major disturbance in the stock market.

McDonald’s, Chipotle, and others are raising wages to address the lack of applications for open positions.

China has landed its Zhurong rover on Mars.

It’s really hard to sell a book. The New York Times says 98% of books sold in 2020 sold fewer than 5,000 copies. And Bookstat says 96% of online books sold fewer than 1,000 copies. Only 11 books sold more than 500,000.

Consumer Reports says Tesla Model 3 owners are the happiest car owners. As one such owner, I can say I’m definitely part of that cohort.

Target has stopped selling Pokemon cards in physical stores because of the risk of violence between people trying to obtain them.

California has a $75 billion budget surplus due to higher than anticipated tax revenue.

The University of California is dropping the SAT for admission consideration.

The firefighter community has a problem with arsonists. One expert says around 100 serial arsonists, working as firefighters, are convicted every year.

CONTENT, IDEAS & ANALYSIS

The Ultimate Drug is Belonging — I think Belonging is at the bottom of most conspiracy thinking and truth denial we see today. Facts can and will be ignored if they’re coming from a group that people think has abandoned them. Namely, “the elites”. We must understand this if we want to make progress in any given conversation, and it shows us very clearly why “the deplorables” narrative does nothing but make things worse.

NOTES

Currently re-reading How Innovation Works by Matt Ridley.

DISCOVERY

The Purpose of Purpose

43 years and 14 billion miles later, Voyager 1 is still sending us valuable data.

Game Developer Salary Comparisons

Ten Rules for Negotiating a Job Offer

An EFF Threat Modeling Lesson

Why Israel and Palestine Are Fighting

FireEye’s DARKSIDE gang analysis.

RECOMMENDATIONS

I’m really enjoying this hilarious, improv-based podcast called A Mission to ZYXX. It’s basically a bunch of voice actors doing a sci-fi adventure. Really good.

APHORISMS

“Freedom is nothing else but a chance to be better.” ~ Albert Camus