
Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition | Ep. 291 | July 26, 2021
SECURITY NEWS

CISA has released a set of TTPs for Chinese state-sponsored cyber operations.

The US says China breached 13 pipeline operators between 2011 and 2013. According to the FBI and CISA, the attackers were state-sponsored and made no attempt to modify pipeline operations at the targets.

A top US Catholic Church official was outed after someone tracked his cellphone location data to Grindr and gay bars.

The CIA’s director says he’s doubling efforts to figure out what’s causing Havana Syndrome, which has affected more than 200 US officials and family members globally.

Clearview AI, the company that got in so much trouble for selling access to a database of people’s faces and profiles, just raised $30 million in investment.

There’s a new NTLM relay attack on Windows called PetitPotam. It works by coercing a host, including a domain controller, into authenticating to an attacker-chosen machine via MS-EFSRPC; that authentication can then be relayed to any service that still accepts NTLM, with Active Directory Certificate Services web enrollment being the most damaging known target. Microsoft’s mitigation guidance (KB5005413) is to enable Extended Protection for Authentication on AD CS and to disable NTLM wherever it isn’t needed.

Kaseya has obtained a universal decryptor for the REvil ransomware that hit it and its customers.

Anti-vaxx communities are adjusting their tactics to include speaking in code to avoid detection and banning. This example talks about “Dancing Folks” and “Non-Dancing” doctors.

People are becoming concerned that getting benefits increasingly requires agreeing to the use of facial recognition technology. 25 states are working with a vendor called ID.me, which uses the tech to verify identities for unemployment applications.

Vulnerabilities:
TECHNOLOGY NEWS

Companies are working on tech to pull carbon out of the atmosphere, called Direct Air Capture, and there’s significant interest from investors.

DeepMind created a system called AlphaFold that it says has predicted the structure of every protein in the human body, as well as those of many yeasts, flies, mice, and other organisms. The protein structures can be used to help understand and fight disease, and DeepMind is releasing them all to the public.

Netflix is gambling on gaming rather than buying music studios.

Facebook is looking to become a Metaverse company. What does that mean? Basically, the convergence of physical, augmented, and virtual reality, along with an economy, and the ability to move seamlessly between them. I think this is smart, and Facebook is likely to do well as a first-mover in the space.

A survey by Unit4 says 83% of finance professionals plan to upskill on AI and related tech within 2 years.

HUMAN NEWS

41 percent of people across 11 countries say their next car will be electric.

China has effectively banned tutoring services in the country, essentially stating that education should be a matter of welfare, not profit.

A lot of experts are saying we’re likely to see large numbers of vaccine mandates once the FDA grants full approval to the main vaccines. Yes, you heard that right. The current offerings aren’t yet fully FDA approved; they are in use under emergency use authorization. Once they are approved, many employers and businesses are likely to require people to be vaccinated. It’s pretty hard to do that when the FDA hasn’t signed off yet.

India is considering a two-child policy to keep its population growth in check.

PG&E will bury 10,000 miles of power lines. Many believe its lines may have sparked the massive Dixie Fire in Northern California.

CONTENT, IDEAS & ANALYSIS

Associate With Grinders — Why I enjoy biographies so much, and how I plan to adjust how I spend my time.
How to Improve Vaccination Rates Using a Conspiracy — A conspiracy to use a conspiracy to improve vaccination rates.

Dead Drops and Security Through Obscurity — A quick piece looking at the security of dead drops.

The Presenting Vendor Paradox — Why so many conference talks come from company representatives.

InfoSec is Kids Falling Down Stairs — My analogy for security is kids falling down stairs. It’s easy to push them (pentesting), and it’s easy to sit at the bottom and catch them (defense). But after a while neither makes you feel that heroic. You just come to be sad that it keeps happening.

Vaccination Math — Obvious to most readers, but helpful to pass on: a rising count of infections in vaccinated people is normal in a population that is rapidly vaccinating. If a population is 100% vaccinated, and some tiny fraction of vaccinated people can still get sick, then 100% of the people getting sick will be vaccinated. The share of cases that are vaccinated is driven by coverage as much as by the vaccine, so the question isn’t “how many people who tested positive were vaccinated?” but rather “what percentage of unvaccinated vs. vaccinated people became hospitalized or died after testing positive?” For example, 100% of COVID deaths in June in Maryland were among the unvaccinated, and cases and hospitalizations were 95% and 93% unvaccinated respectively. In Louisiana, 97% of cases and deaths since June were among the unvaccinated as well. It’s pretty much high-90s percentages for cases, hospitalizations, and deaths everywhere in the US. Those are the numbers people should be looking at.

NOTES

The UL Book Club today (Sunday) was outstanding. We talked for a full 90 minutes about the topics of China’s rise, the legitimacy of the book’s claims, and what can and should be done about China’s new approach. Fascinating discussion. We also picked the next book, which is Dune! David thought it was a good idea given the upcoming movie in September.
Someone plagiarized a bunch of my work and other people’s work, and I asked Twitter for help finding him and asking him to stop. The article came down in minutes, and I believe I framed it correctly in my messaging. In short, a public callout, but a call for letting him learn his lesson and be forgiven. I still haven’t heard from the guy, though. Oh, and it looks like he’s blocked me on Twitter, along with everyone else mentioned in the thread. Maybe not so benign after all.

Getting back into the flow of writing (5 items in CONTENT, IDEAS & ANALYSIS this week), and I will be starting the new job this week. Super excited about everything right now! So many projects. So little time.

One of the new podcasts I just started listening to mentioned stretch gyms and breathing gyms. Not sure about you, but I’m not overly excited by the idea of breathing heavily in a room full of people right now. But stretching… that’s appealing to me. Right now I’m heavily focused on just getting my body working correctly. So, being really strong (weights), having a strong core (core workouts), and being flexible (stretching). I’ve never thought of full workouts focused just on stretching until I heard it on the podcast, but I’m intrigued. If you all know of any good remote options for this I’d love to partake. Bonus if they somehow integrate with Apple Fitness.

DISCOVERY

Drowning Doesn’t Look Like Drowning

The Great Resignation

A Full Guide to TikTok, by The Verge

Wander the Night — A website that plays wonderful soundtracks inspired by wandering in major Asian cities.

Doctor Who’s 13th season covers a single story.

Reverse Engineering for Dummies

Reconky — A Bash script that runs assetfinder, Sublist3r, amass, knockpy, httprobe, nmap, and EyeWitness all in one tool.

ReverseSSH — A standalone, statically-linked SSH binary for use in CTFs or pentesting.

RECOMMENDATIONS
APHORISMS

“You are what you can’t stop doing.”