Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition | Ep. 309 | November 29, 2021
CISA has released Capacity Enhancement Guides for improving mobile device security for both consumers and organizations. It’s a collection of guidance for topics such as countering phishing, securing browsers, implementing strong auth, and others. More
France was about to buy Pegasus from NSO Group, but with news that the group targeted French President Macron, and the US ban on the company, the deal is at risk. More
Apple is also suing NSO Group, citing the use of the company’s tool by oppressive regimes to spy on innocent victims. More
In related news, Israel just announced that they’re banning the export of hacking and surveillance tools to 65 new countries. This supposedly brings the allow list down to 37 countries. More
Ross Bevington, a security researcher at Microsoft, says he looked at 25 million SSH brute force attacks across Microsoft’s sensor network and found that 77% of attempts used passwords between 1 and 7 characters long. Guesses over 10 characters were only seen in 6% of cases. More
Apple is going to start notifying users if they’re being targeted by state-sponsored actors. Targeted users will get a notification in their AppleID account, as well as an email and text. More
Palo Alto’s Unit 42 used a honeypot of 320 systems to detect attacks against internet-facing misconfigurations in daemons like SSH, RDP, and Postgres. They said 80% of the systems were compromised within a week, and some were hit within minutes. More | Report
David Schütz was awarded $10,000 by Google for finding vulnerabilities in Google Cloud Platform. More
Ukraine is pushing to upgrade its navy due to increased concern around Russian aggression. More
Samsung is building a $17 billion chip factory in Texas, meaning more of the world’s chips will be made in America. More
Android users are evidently about to have a better text reactions experience when talking to iPhone users. Previously, reactions would come in out of order and generally look wonky. An update rolling out now will make them behave more like native Android reactions. More
Tile is being acquired by Life360, a location tracking company. More
Scientists are rushing to figure out how much current vaccines defend against COVID’s new Omicron variant. Meanwhile, Moderna says they could have an updated vaccine early in 2022. More
South Africa is complaining that they did the right thing by alerting the world to Omicron, but that they’re now being punished for it. Fair point, it seems. This is a good way to encourage countries to stay quiet in the future so they’re not the one listed as the source. More
California wants to delay the teaching of Algebra until 9th grade across the entire state. A lot of people are upset about this, including me. Progressives need to learn that you can’t reduce the gap between the top and bottom by lowering the bottom. Students with education-focused parents (largely immigrants) will still learn advanced math early and they’ll still get into the best schools and get the best jobs. This kind of policy just pulls everyone else further behind them. More
If you were waiting for a true sign of inflation, most items at the Dollar Tree will now cost $1.25. More
CONTENT, IDEAS & ANALYSIS
The Unsupervised Learning Daily Routine — I finally completed my daily routine writeup for the UL community. It’s not just the list of steps, but also includes annotations for why I included each item and the research behind it. It’s a living document that I’ll continue to tweak, and we’ll be able to track the changes over time in Github. More
I’ve been an advisor for a startup called Opera Event for around 5 years, and my buddy Andrew who works there is heading out to DCentral Miami this week. Opera Event is a community-focused technology platform that helps communities, guilds, and DAOs take control of their user data, incentives, and currencies. If you work at OpenSea or any NFT/Web 3.0-focused company, or know someone who does, hit him up at email@example.com to meet up there!
I’m somehow reading like 7 books right now. Not bragging. It’s sloppy and I need to clean it up. Basically need to push through or abandon a few.
I just started Assassin’s Apprentice, and I’m really enjoying the spin-up. Feels like an origin story with potential!
UL had a great bookclub today, and the book absolutely blew us away. It was way better than I thought it would be. The book was The Design of Everyday Things. This book is going into my Read Frequently list for sure.
I’m working on tons of content for the site right now, some general and some for members. The list includes a new Mental Models piece, which I’m really excited about.
COVID Deaths by Vaccination Status — A brilliant presentation of the data around this topic. Spoiler: In the US, people vaccinated with Moderna are around 14 times less likely to die of COVID than someone who’s not vaccinated. Note, this is before boosters, which will widen that gap significantly. More
Another meta-analysis of the impact of Vitamin D on COVID infection has found that, “The limited currently available data suggest that sufficient Vitamin D level in serum is associated with a significantly decreased risk of COVID-19 infection”. More
The Verge reviewed the new Generation 3 of the Oura Ring. Big takeaways: positive, lots of features are still coming, and it now requires a subscription. More
The Age of the Creative Minority More
Bugcrowd is hiring a Technical Project Manager. More
Don’t Soften Feedback More
Hardening your SSH Config File More
Practical Security Recommendations for Startups With Limited Budgets More
Maderas’ favorite OSINT resources. More
CVE Trends — A wonderful way to monitor trending CVEs on Twitter, written by Simon J. Bell. More
SSH-Audit — Audit your client and server SSH configs. More | by jtesta
Cracken — A smart-wordlist generator. More | by Shmuelamar
I’ve been studying physical and cognitive health for the last few years—with a special focus on longevity and happiness. After reading a couple dozen books on everything from diet, exercise, fitness, meditation, etc., there is one unified theme that stands out to me: making your body uncomfortable.
Think about that. The thing that running, lifting weights, ice baths, saunas, and fasting all have in common is that they produce health and happiness by convincing the body that life is still difficult, i.e., that life is still happening.
So my recommendation to you is to think about struggle as an umbrella concept for health and happiness: In short, make sure you are challenging your body in some way on a regular basis.
“Find out who you are and do it on purpose.”