Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition | Ep. 325 | April 4, 2022
SECURITY NEWS
The FBI says Russian attackers are scanning and pose a current threat to US energy systems. More
Apple released fixes for two zero-days affecting Macs, iPhones, and iPads. They are critical CVEs that lead to code execution with kernel privileges. Update your devices immediately. More
There’s a critical RCE zero-day in the Java Spring Framework that can result in the complete takeover of a targeted system. Patch immediately. More
Vanta — Making Security Compliance Easier to Manage
There are so many compliance platforms on the market, yet not all are created equal. As the leader in compliance automation, we know exactly what features to look for when choosing an automated platform.
We’ve compiled a list of the biggest differentiators to check for – and we explain how each feature works in order to make your job more efficient as you go through the compliance process. Check out our guide to the 5 must-haves in an automated security platform.
There’s also a critical RCE in Sophos Firewall that allows arbitrary code execution on the firewall itself. Sophos saw a few companies in South Asia being targeted with this attack and let them know directly. More
Ukraine’s Defense Ministry’s Directorate of Intelligence leaked personal data for 620 alleged Russian FSB agents. More
A leak from a Russian food delivery app (Yandex Food) shows the dining habits of Russia’s secret police. Yandex said the leak came from an internal employee and includes data on around 58,000 users. Bellingcat got a hold of the leaked data and was able to find GRU phone numbers, other officials associated with the Russian government, and then further link that data to addresses that confirmed their identities. More
Anonymous says they’ve leaked 15 GB of data on the Russian Orthodox Church’s charitable wing. More
TECHNOLOGY NEWS
The train system in the Netherlands had an IT outage which shut down the entire train system. “It is unfortunately not possible to run any trains today.” More | More
HUMAN NEWS
The US economy added 431,000 jobs in March, bringing the unemployment rate down to 3.6%. More
It looks like the supply chain issues might get a lot worse. Before it was Covid, and now it’s another outbreak in China combined with the war in Ukraine. More than a million containers used to go from Europe to China by train through Russia, and now they’re being rerouted by sea, and over 120 container vessels are stuck in Shanghai due to Covid. Everstream Analytics says these events will have effects similar to the Suez Canal blockage problem in 2021. More
Hubble found the most distant star ever seen at 12.9 billion light-years away, and it’s been named Earendel (from Tolkien). It’s at least 50 times the mass of the sun and at least a million times brighter. The coolest part of this is that we wouldn’t have been able to see it at all if it weren’t for a massive galaxy cluster that served as a gravity-based magnifying glass. More | Video
The human genome has now been mapped completely. You might have thought we did that already, but the last 8% or so took a very long time. A lot of that was what was called Junk DNA comprised of 151 base pairs of sequence data. More
A new study in Nature shows that Covid spike proteins create cognitive decline and anxiety in mice. More
In a new study in The New England Journal of Medicine, and the largest study of its kind, Ivermectin has been shown to be completely ineffective against Covid. More
CONTENT, IDEAS & ANALYSIS
A Custom Contact Sharing System — I created a custom personal contact sharing system for giving out my phone number, email address, and contact photo via vCard when I meet someone new. More
My Gaming Idea (2006) — I just remembered a gaming idea I had back in 2006 that reminds me a lot of what we’re now calling metaverse. It’s a pretty fun read. It also reminded me that I printed out multiple copies of this post and mailed it to my friends as copyright. Hilarious. More
Thinking About the Future of InfoSec (v2022) — A look at how I see InfoSec unfolding in coming decades, broken down by org structure, technology, regulation, insurance, automation/AI, and other factors. More
Remote at the Office — Employees are returning to the office just to sit on Zoom calls. I think what companies (and employees) are about to figure out is that going to the office works best in hyper-local scenarios like we had in the 50’s. That means a company where you have a physical office and the vast majority of its employees physically work in that office. Not only that, but they don’t interact much with people who don’t work in that location. This means if you have multiple branches where people collaborate cross-branch, or you want to hire better people by including remote workers, you instantly lose the legacy value of going into the office. It’s still cool to go to a local office every once in a while, if you happen to have a colleague there that you can get a beer with or whatever, but fewer and fewer companies are going to have an onsite advantage simply because there are multiple branches or too many remote workers. This means anywhere you go into an office you’ll still be on Zoom calls, so you might as well stay at home. More
NOTES
I’m psyched about these new Schlage smart door locks. They’re one of the first locks that use the Home Key feature within the Apple ecosystem, which is NFC-based lock functionality. So you can walk up to your lock and just swipe with your phone or your watch—even without re-authenticating to the phone (if you have Express mode enabled). More
Good News: My podcast surpassed 1 million downloads! Bad News: Those are my all-time stats, not my monthly stats like Making Sense and My First Million. More
A Collection of Pentest Contracts and NDAs for Freelancers More
[ RECON ] ReconFTW — A recon automation system that focuses heavily on subdomain enumeration before heading into vulnerability assessment. More
[ CI/CD ] Dagger — A Lego-like DevKit for building powerful, repeatable, and portable CI/CD pipelines. More | Project
RECOMMENDATION
If you’ve ever thought about getting into Solar for your house, now might be the time. I recently priced 4.8kWh worth of solar panels, plus a Tesla Powerwall battery, at around $21,000. Depending on your house (and how much sun you get) that can get you between 50% and 100% of your daily energy use, and massively reduce your reliance on the grid. I think the over-time savings element is less of a sell because it’ll take a while to earn that back in energy usage. My big thing is peace of mind against outages combined with adding to the resale value of the home. I have 18 Sunpower panels and 2 Tesla batteries and couldn’t recommend them more.
APHORISM
“History is the discovering of the principles of human nature.”