Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition| Ep. 317 | February 7, 2022
SECURITY NEWSThe Biden Administration has formed a Cybersecurity board to serve something like an NTSB for breaches, and they’ll start by looking into log4j. More
Attackers were able to steal around $323 million in cryptocurrency by exploiting a web-based service called Wormhole. Wormhole is a system that allows one to transfer crypto between blockchains, specifically between Solana and other chains like Avalanche, Ethereum, Polygon, and others. The attack created a fake minting account that created 120,000 ETH coins on the Solana chain and transferred them out. This is a great example of where so many flaws just come down to failed logic when doing the basics. More | The Attack
Cloudflare has launched a paid public bounty program. More
The US is testing robotic patrol dogs along the Mexican border. People are upset not just about automated sentries on the border, but because the company that makes the “dogs” (Ghost Robotics) previously highlighted a similar robot with a sniper rifle attached to it. More
Canada is facing a serious security situation related to the Trucker Vaccine Protest, which has now turned into something like an occupation of Ottawa. It has January 6th vibes, and while I don’t know much about Canada, I do know enough to be worried. More in the Ideas section below. More | A Tweet Analysis
Cisco Small Business RV Routers | Critical | Code Execution More
Samba | Critical | CVE-2021-44142 | 9.9 | RCE More
TECHNOLOGY NEWSMeta lost the most value of any company in history last week after announcing earnings. They lost users for the first time as well, and announced that Apple’s privacy changes will result in over $10 billion in lost revenue in 2022. More
Amazon now has a $30 billion advertising business. More
Amazon is raising the price of Prime from $119/year to $139/year. The last bump was in 2018 when it went from $99 to $119. More
Buzzfeed found the real names of the Bored Ape Yatch Club’s creators. They’re two guys in Florida. More
The IRS is facing pushback on them using ID.me to verify identities. People are evidently not super enthused about having to upload selfies to be able to pay their taxes. More
Amazon and some others are looking at potentially buying Peloton. More
A number of UK supermarkets are going to use cameras and AI to determine if people are old enough to buy alcohol. If they look under 25, they’ll have to show ID to a human. The goal of the system is to reduce line times by automating most of the checks. More
HUMAN NEWSPresident Biden re-instated the Cancer Moonshot program to accelerate progress against cancer. The goal is to reduce the death rate from cancer by 50% in the next 25 years. More
The lack of teachers problem is so bad in New Mexico that there’s an initiative to use National Guard troops as substitutes. More
Americans believe their overall quality of life, the ability for someone to get ahead if they’re working hard, and many other key satisfaction elements are significantly worse in 2021 and 2022 than in 2020. I personally see this as more evidence that Trump will be extremely strong in 2024. It’s not about reality; it’s about the perception of reality, and he’s a master at controlling that narrative. The top metric, for example, was the overall quality of life. It was rated as an 84 in 2020 and 67 and 69 in 2021 and 2022. More
CONTENT, IDEAS & ANALYSIS
The Rise of White Extremism in the US, Canada, and Europe — How I think January 6th and the Trucker Freedom convoy in Canada have a lot more in common than people think, and how I believe it’s part of a much bigger problem. More
Thoughts on Rogan and Redemption — My reaction to the Joe Rogan racism controversy, and a brief discussion of who deserves redemption and who doesn’t. More
The Irony of InfoSec’s Reaction to Crypto, NFTs, and Web3 — An argument that the InfoSec community should be more open to exploring technology that could shape our future, even when they have valid concerns and criticisms. More
Employee NPS Scores — I just had this article shared with me on the concept of simplifying employee (and manager) reviews down to a single question: “How likely are you to recommend working with [PERSON] to a friend or colleague?” Absolutely brilliant. The same goes for managers. “How likely are you to recommend working for [PERSON] to a friend or colleague?” As the article points out, there are tons of great rating systems that might eventually get you to this level of accuracy, but many of them involve multiple surveys, lots of interviews, and days or weeks to complete. This is one question, and according to the author of the article, it often yields the same results. Officially my favorite find of the week. More
NOTESWe now have a dedicated page for the UL Book Club! It covers how we select books, when we meet, and has a running list of all the books we’ve discussed in the past. More
Last month’s Book Club was tremendous fun, and the book, Project Hail Mary, was surprisingly excellent. I mean we thought it would be good, but many of us could not put it down. One of the purest executions of science fiction I can remember since The Three-Body Problem. And we’re reading that soon!
My great friend Mohsan Farid was just on the Bad Crypto Podcast. He talked about how he got into hacking, the different places he’s worked, as well as his company LedgerOps which focuses on blockchain security. Mohsan is an awesome hacker and a wonderful human being, and this is a great primer on what he’s up to. More | via The Bad Crypto Podcast
Vanta: Key Differentiators In Security Automation Platforms
There are so many compliance platforms on the market, yet not all are created equal. As the leader in compliance automation, we know exactly what features to look for when choosing an automated platform.
We’ve compiled a list of the biggest differentiators to check for – and we explain how each feature works in order to make your job more efficient as you go through the compliance process.
Neural.love — An AI that takes an old image and produces something that looks more like a photograph of the subject. For example, a crappy selfie, an old painting, etc. Submit them and get back a decent picture of the person. More
Runway ML — An AI-based video editor that allows you to remove backgrounds, remove subjects, and otherwise edit scenes with extreme ease. More
An extraordinarily in-depth post on the fundamentals of a good security program, by Phil Venables. More
The Great Resignation Might Be Due to the Old Age of US Workers — A great piece on how old a lot of US workers are. The median age in the US is 38, but many professions have median ages closer to 50. More
[ OSINT ] Favicon Map — Shodan’s database of favicons it’s found during its scanning. More
[ VULN MANAGEMENT ] OWASP WrongSecrets — An insecure app full of insecurely stored secrets. More
[ NETSEC ] Scanning Made Easy — A joint project between NCSC and i100 to create a collection of NMAP NSE scripts that function much like a unified vulnerability scanner. The Scripts
RECOMMENDATIONAny time you need to rate something (like employees, managers, products, whatever), and you’re overthinking with some elaborate system, consider using the NPS model. Basically, just ask one question: “How likely are you to recommend [THING] to a friend or colleague?” It might not be as good as your super-fancy system, but it might actually be better. And it’ll definitely be faster.
APHORISM“All gardeners live in beautiful places because they make them so.”