News & Analysis | NO. 315 - Daniel Miessler

Exploring the intersection of security, technology, and society—and what might be coming next...

Standard Web Edition | Ep. 315 | January 24, 2022

SECURITY NEWS

A mandatory-use mobile application for all athletes, journalists, and other Chinese Olympic attendees has serious security flaws, including a lack of certificate validation for encrypted communications. Citizen Lab told the organizing committee about the problems a long time ago but got no response. US athletes have been told to use burner phones. More

Twitter’s new CEO fired Mudge and Rinki Sethi as part of major changes to the Twitter security team. This in the same week that Twitter launched NFT profile pictures. More

McAfee and FireEye have combined to become ‘Trellix’. Is it just me or does McAfee have naming issues? Like what are the odds this will still be named the same in 5 years? More

The UK, backed by the US, said publicly that Russia plans to install a pro-Russian leader in Ukraine. And they named him. More

Vulnerabilities:

F5 BIG-IP | 13 High | 7.5 More
McAfee Enterprise Product | High | Code Execution More
Drupal | System Takeover More
Rust | 7.3 | File Deletion More

Companies:

Banyan Security raised $30 million to do Zero Trust Network Access. More
Cloud Security company Polar Security comes out of stealth with an $8.5 million raise. More

TECHNOLOGY NEWS

Spotify has shut down its internal podcast studio. This comes as the momentum behind Spotify’s podcast play seems to be slowing. People are upset that Spotify podcasts aren’t fully on YouTube and other channels, and many people are pushing Spotify to take action on Rogan promoting vaccine misinformation. They’re still doing well, but seem to be facing some headwinds. More

Google is building an AR headset, called Project Iris, to go up against Meta and Apple. More

Streaming Music Marketshare Stats More

Spotify: 31%
Apple: 15%
Amazon: 13%
Tencent: 13%
YouTube: 8%

HUMAN NEWS

In the US you can now order free at-home COVID-19 test kits, which are delivered through the post office. More

CONTENT, IDEAS & ANALYSIS

Consciousness is a Movie Screen Without an Audience, Theater, or Universe — My attempt to provide an accessible introduction to consciousness, meditation, and mindfulness. It uses a model of a Movie Screen to describe one’s consciousness, and explains how to use that model practically in daily life. More

Is This The Most Important Civilizational Pattern? — A quick explorative piece on what I think could be an underlying cause of our current struggles in 2022. More

Your Value Comes From Your Output — A direct and honest piece of advice on how to get a seat at any table you wish you were a part of. More

NOTES

It’s been years since we’ve done a survey on the audience here. If you can spare 11 seconds I’d appreciate some help quenching my curiosity. Plus it’ll help the show because potential sponsors like to know something about us. With me being me, however, I won’t be capturing name or any other personally identifiable information! It’s just two questions: industry and position. Really appreciate the help! Answer The Two Questions

I’ve finally finished Super Saiyan mode of my home audio setup, which I spent MONTHS researching starting when the pandemic happened. Won’t fully detail it here, but if anyone is curious, hit me up. I’ll give you three hints though: Genelec, NAD, and DIRAC Live. I’ve been having so much fun listening to both my favorites and tons of new music as well. I honestly think audio gear is some of the best money you can spend if you’re into music. Some of the other best money? Bidet toilet seats and a top-end mattress.

A joke I thought of related to the Chinese Olympic “COVID” App: “This app’s killer feature is actually detecting exposure to Democracy.”

DISCOVERY

Wholesome Memes on Twitter — I recommend creating a Twitter list and putting a bunch of good news and kindness-based accounts in it. Use it for eye and soul bleach. More | Example

Is the Tech Bubble Crashing? More

Information Security Skillsets More

Red Team, Go! — A look at Jupiter One’s Red Team approach. More

The Cyber Plumber’s Handbook — SSH Tunneling, Port Redirection, and Traffic Bending, Oh My. More

The most brilliant explanation of GPS I’ve ever seen. More

Everything Must be Paid For Twice More

skybot.cam — Someone built a system that takes a picture of every plane that flies over their house, and it identifies the plane. More

Reverse Engineering 101 — An introductory course for reverse engineering, by Malware Unicorn. More

Awesome List of Secrets in Environment Variables — Lists of secrets, passwords, API keys, and tokens stored in system environment variables. More

ripgen — A Rust-based implementation of the dnsgen Python utility. 17x faster with 75% less memory. My guy Nate is seriously making me want to learn Rust. More | by d0nutptr (follow him)

RECOMMENDATION

The next time you interview for a job, ask your potential new manager these five questions:

When was the last time you promoted someone on your team? How did it happen?
Why did the last person in this role leave?
How do you nurture psychological safety in your team?
When was the last time you supported a direct report’s growth, even if it meant leaving your team or company?
Most/all of my interviewers were men. Can I speak to some women on the team to hear more about their experience?

These come from this excellent Twitter thread by Lily Koning, and thanks to Jason Haddix for the retweet discovery.

APHORISM

“I select a very small number of things to be skeptical about, such as markets, and on these I am hyper-skeptical. But I want to be fooled by randomness in art. I want the ceremony of religion. We are made for it.”

— Nassim Taleb

Recommended

Tutorials

Projects