Unsupervised Learning Newsletter NO. 338

Deepfake Interviews, China Leak, Hacker Services…

NO. 338 — STANDARD EDITION | JUL 5 2022

Short week in the US this week, and I hope you have a great one.
 

— Daniel

SECURITY NEWS

The FBI Says People Are Applying to Jobs Using Deepfakes
We've heard of people hiring contractors to do their jobs for them, but now people are using AI to get the job in the first place. The specific technique being used was applying a skin during a video interview to look like someone else, and using voice spoofing software to make it sound different as well. A number of these were caught when the avatar's mouth didn't match the sound. I expect this is somewhat easy to catch right now, but that it'll get much more difficult in just a year or two. More

Data For 1 Billion Chinese Citizens Being Sold Online
An anonymous hacker appears to be selling a massive Chinese police database of over 1 billion people. Released sample data includes names, phone numbers, national ID numbers, and birth information. Other sample data included crimes people have been charged with, such as: looting, fraud, and handjobs. The dump is evidently 23 terabytes in total, and is being sold by a user named ChinaDan for around $200,000 (10 bitcoin). More

China Targeting Rare-Earth Companies with Influence Operations
Mandiant has found evidence of Chinese attackers running influence operations against companies competing with China in the rare-earth elements space. They're launching influence campaigns to anger local residents and presumably harm their business and marketshare. More

Sponsor

Storyblok: Level-Up the Security of your Company's CMS
 

More and more cybersecurity companies are ditching their traditional CMS and moving to a Headless CMS platform. Going headless provides the highest level of security and allows you to publish on any front end.

By using Storyblok's API-first platform you get:

  • Faster performance

  • A Content CDN

  • Easier integrations

  • User-friendly editing

  • Enterprise-grade security

HackerOne Employee Fired for Stealing Bounties
A HackerOne employee has been fired for going through customers' bounty submissions and submitting them as his own to earn money. This is pretty much the nightmare scenario for a company that's based on trust, but it looks like they handled it as best as possible. More

Indian Hacker Groups As a Service
Indian hacking groups are being used to target the law firms representing their clients' opposition, essentially attempting to dig up dirt that can be used to discredit them in court. They also go after targets directly for the same purpose: finding dirt. It's like a high-end call center service, but for finding leverage against people by hacking them. Obviously doing bad things is bad, but I think it's an interesting business model. And the article is very in-depth (Reuters). More

Vulnerabilities

  • CISA recommends immediate change from Basic auth to Modern auth in Microsoft Exchange Online. More

  • There's an Actively Exploited Chrome Bug More

Companies

  • Kogniz is a platform for detecting safety and operational issues, and it just introduced a computer vision module for detecting active shooter situations. The system is designed to use cameras to detect firearms in real-time, and it promises no false alarms, real-time alerts, response plans, and visual simulations. Sounds awesome, but I wish this weren't a hot market. More


TECHNOLOGY NEWS

An AI Predicts Salaries Based on Job Postings
There's a giant dataset of job postings (and salary data) that's been used to train an AI to predict salaries. Sarah Banah, a postdoc at Stanford's Institute for Human-centered Artificial Intelligence Digital Economy Lab, used the dataset to do all sorts of wizardry, including finding how a salary would change if you added something like a certificate. More

FedEx Moving to the Cloud
FedEx is closing all its data centers and moving off of mainframes by 2024. They expect the move will save them $400 million a year. More

Niantic is Making a Real-world NBA Game
Niantic of Pokemon Go fame is making a real-world NBA game called All-World. They describe it as, "NBA lifestyle meets the real-world metaverse." So the world will be like a basketball theme park, where you can get swag, gear, shoes, etc., all of which presumably improve your ability to play. You can play against others in a particular location, and there are leaderboards. Both NBA culture and gaming cultures are huge, and if they combine them successfully this might be a banger. More

SpaceX on Boats Planes and Trucks
The FCC has authorized SpaceX to provide internet for moving vehicles such as boats, planes, and trucks. Expect to see major airlines switching over in the coming months. More


HUMAN NEWS

Tech Layoffs Continue
Substack, Netflix, and many other companies are announcing layoffs. I put together a query to find the latest in Google News, and Layoffs.fyi has a startup tracker as well. Google News Query | Layoffs.fyi | A Twitter Graphic

California Says School Can't Start Before 8:30AM
There's been tons of research over the years showing that it's bad for kids to wake so early for school, and starting next fall it'll be illegal in California for schools to start before 8:30. Previously, the average start time for the nation’s high schools was 8 a.m. in 2017-18 but about 42% started before then, including 10% that began classes before 7:30 a.m. More

People Are More Stressed and Unhappy Than Ever
Gallup says we now have the highest score ever on the Negative Experience Index. The survey asked adults in 122 countries in 2021 if they had five different negative experiences the day before the survey. In 2021, four in 10 adults worldwide said they experienced a lot of worry (42%) or stress (41%), and slightly more than three in 10 experienced a lot of physical pain (31%). More than one in four experienced sadness (28%), and slightly fewer experienced anger (23%). More

The FDA Says Boosters for Variants Won't Need New Approval
COVID-19 vaccine manufacturers won’t need to conduct new clinical trials as they develop booster shots targeting the most recent variants of the virus, which means we should get them faster. More

We're Nearing 8 Billion People
The population of the world is creeping toward 8 billion, and currently sits at around 7,958,540,000. More


CONTENT, IDEAS & ANALYSIS

✍🏼 Two Americas
My new essay for the Fourth of July 2022. "The US's terminal conflict will be an internal one, fought between people who only see America's flaws and those who pretend they don't exist. And of course, both are wrong…" Read the Essay

✍🏼 The Workforce Reduction Pincer Move During Recessions
My new short piece on how companies are using the downturn to get rid of unwanted employees. "Companies are doing something smart (and sometimes a bit gross) during this economic…whatever this is. They’re using the downturn as an opportunity to get rid of people they don’t like, which solidifies their workforce. Here’s the move:… " Read the Essay

✍🏼 The Cybersecurity Skills Gap is Another Instance of Late-stage Capitalism
My new essay on the disparity between MANGACorns and everyone else when it comes to cybersecurity hiring. "For MANGA and Unicorn companies—henceforth known as Mangacorns—hiring cybersecurity talent is a nanny browsing Whole Foods with a Platinum Amex.… " Read the Essay

You Made the Choice For Me
Someone had a viral tweet after getting Covid on a Delta flight. He writes, 'I don’t “respect the choice about masking” made by my neighbor on DL466 on Sunday, because his maskless coughing and spluttering over 6 hours has had a predictable result. He chose for me and I don’t appreciate that he was able to.' With all the silly things that people successfully sue for, I don't see how this isn't a good case for court. How is this not a failure to make their flights as safe as possible? In the middle of a still-going pandemic? Like, I'm all for avoiding lockdowns and still flying. But it's negligent to allow coughing people to spew virus all over an airplane. That's the word: negligence. More

Biden Blames Gas Stations
I'm surprised and annoyed at Biden's blaming of gas stations for high gas prices. He tweets: "Bring down the price you are charging at the pump to reflect the cost you’re paying for the product. And do it now." Seriously? I remember thinking that way too, when I was a child, before I was corrected by an adult who explained how markets work. So either Biden doesn't know how markets work, or he is hoping to fool people who don't. Both are really bad, and I'm getting seriously tired of this administration acting like they're part of Trump's re-election campaign. More | Tweet
 

NOTES

I'm happy to now have my fiber internet connection directly connected to my modem upstairs. Now if the power goes out my internet will stay on. Super cool to have solar and two Tesla batteries because now I don't notice power outages. Before I would only notice because the internet would go down, and now that's no longer an issue. Plus I have Starlink as a backup (and cell as a tertiary). Short power outages are far too common in the Bay Area, especially during the summer.

I finally got around to reading Daemon, by Daniel Suarez. I didn't want to read it back when I was writing my first book because someone told me the idea sounded similar. So I didn't want to pollute my ideas with someone else's or worry that I was stealing. Happily, the idea seems quite different, but very cool indeed. More

The latest book in my current favorite fantasy series, Cradle, is out. It's called Dreadgod, and it's like book 11. The genre is LitRPG, which makes me happy by itself, although I'm not technically sure if this series qualifies (you're supposed to actually see stats and such in LitRPG). Anyway, it's been a fun ride, and if you like casual fiction with building character development it's pretty good. More

This is your periodic reminder, as I said when he left office, that if Donald Trump does not go to jail, he will be our next President. I say again: if he is not in jail, he will be the next President.

I think I need this SPAN smart electrical panel. Trying to talk myself out of it, but holy crap it looks nice. More

I continue to upgrade the newsletter with various formatting and content enhancements. Let me know what you think! Feedback

 

DISCOVERY

Cursor Control When Typing in iOS
🔥 "I’m not sure who needs to hear this, but when you’re typing in iOS, you can use the space bar as a mouse." Not only that, but if you press and hold your finger in the text itself, you will see a magnifying window around that text, and you can move side to side with even more accuracy. The space bar trick works for Android, I hear. More


L33t Hacking vs. M0st Hacking
Hacking is hardly ever your best against their best. It's usually your best against their mistaken, ignored, or forgotten. Still super fun though…🤣 More

Invest in Lines, Not Dots
A great piece on looking for patterns of behavior rather than point samples, especially if you're about to invest in that thing. More | by Mark Suster

7 Things You Can Learn About Storytelling From D&D
A great post on timeless lessons in storytelling that the author learned through Dungeons & Dragons. Pretty much gold for any writer. More

The Hierarchy of Security Products
My buddy Travis McPeak had a great slide in a great presentation at LocoMocoSec last week. HT @LeifDreizler More

Things You Should Know About Databases
A primer on database concepts, including indexes, RDBMS, trees, scalability, and more. More | by Mahdi Yusuf

⚙️ RECON | IPInfo Ranges
IpInfo is one of the foundational tools in my own recon platform, HELIOS. It's been the most dependable over time, and the team is just awesome (Hi Ben!). They just released an IP Ranges API that lets you pull IP ranges for a domain. Love it. More 

⚙️ WEB HACKING | TLSX
A fast and configurable TLS grabber from Project Discovery. For me, once PD enters the game I tend to go with their tool over my current one, and I don't expect this to be any different. More | by Project Discovery

⚙️ WEB HACKING | Bypass URL Parser
A curl-based tool that tests multiple ways of bypassing a 401 error. More | by laluka

⚙️ RED TEAM | Red Team Diaries
Publicly accessible notes about pentesting/red teaming experiments tested on several controlled environments/infrastructures. More | by Ihebski

⚙️ RECON | Waymore
Jason Haddix reviews and demonstrates the Waymore tool featured in last week's episode on his show Tool Time. Tool | Video | Tool Time | by XNL-h4ck3r

⚙️ OSINT | Intel Techniques
Intel Techniques is a massive collection of OSINT/RECON tools. It was taken offline a few years ago due to some online pressure/bullying, but it's back now. Definitely the most comprehensive list you'll find out there. More | by Michael Bazzell


RECOMMENDATION

Only speak to yourself with the kindness that you would require of a friend. Monitor that voice, and if you hear yourself being an asshole, acknowledge that it's not ok. Break up with that person, and find a better inner voice to hang out with.


APHORISM

"An honest person is always a child."

— Socrates