Get the podcast on Apple Podcasts
×

DanielMiessler

search
Login Become a Member Subscribe
Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition | Ep. 33 | April 6, 2016

ul-logo-blog-640-wide

[ Subscribe to the Podcast: iTunes | Android ]

Unsupervised Learning

  • [ ] Welcome to the new show, except not really
  • [ ] Basically going to make it match the site more, with more diversity of technical topics
  • [ ] Still infosec-based, but more expansive to anything interesting worth sharing
  • [ ] More individual episodes that focus on one issue
  • [ ] Infosec news will always be the first segment, and it’ll still be lots of stories covered quickly, which I think is the most useful format
  • [ ] The name is Unsupervised Learning, which is a type of AI where you let the system learn from large datasets and find patterns on its own. Thanks to Susan for leading me to that name
  • [ ] In short, not much of a change, but what does change should be good

News

  • [ ] Panama Papers leak
  • [ ] Hackers targeting major US law firms
  • [ ] Ubuntu has some kernel vuln patches out
  • [ ] 50 million turkish citizens have their information dumped online
  • [ ] Microsoft makes cloud-app security services now available (Adallom)
  • [ ] OSVDB shutting down because nobody would pay them
  • [ ] WhatsApp is now end-to-end encrypted
  • [ ] Critical new Flash bug, expect Ransomware to leverage it
  • [ ] Security salaries skyrocketing due to talent shortage | http://www.csoonline.com/article/3049374/security/survey-with-all-eyes-on-security-talent-shortage-sends-salaries-sky-high.html
  • [ ] Data exfiltration using Smart Lightbulbs | http://www.scribd.com/doc/306620189/Eyal-Ronen-and-Adi-Shamir-Hack-Lightbulbs
  • [ ] Significant Firefox extensions bug, look for a patch soon
  • [ ] $40 attack that steals police drones from 2 kilometers away | http://www.theregister.co.uk/2016/04/01/hacker_reveals_40_attack_to_steal_28000_drones_from_2km_away/ | break wep, disconnect their controller, connect yours, must be within 100 meters
  • [ ] IoT is expected to push the US ahead of China in manufacturing by 2020 | http://www.zdnet.com/article/internet-of-things-analytics-expected-to-push-u-s-ahead-of-china-for-manufacturing/
  • [ ] 1,400 vulnerabilities found in automated medical supply system | https://www.helpnetsecurity.com/2016/03/30/1400-flaws-automated-medical-supply-system/ | automated cabinets that dispense medical supplies , if you’re locked out it could be bad
  • [ ] Trump hotels breached again
  • [ ] CyberInsurace rates dropped as the rates of breaches dropped, just shows that it’s a market, and things will be dynamic
  • [ ] Moussouris leaves Hacker One to go independent
  • [ ] Data Disruption heating up as an attack technique | http://www.darkreading.com/attacks-breaches/business-disruption-a-big-focus-in-2015-cyberattacks-/d/d-id/1324919 | the lesson is that things move in cycles
  • [ ] Netsparker scanned 396 open source web applications, primary findings were 180 XSS, 55 SQLi, and 16 File Inclusion vulns, plus some CSRF and such | https://www.netsparker.com/blog/news/infographic-open-source-web-applications-vulnerability-statistics-2016/
  • [ ] Chinese hacker who stole F-35 fighter jet plans celebrated as a hero in China
  • [ ] ICANN has taken over the internet from the US
  • [ ] OS X may be rebranded MacOS at WWDC
  • [ ] Samsung patents contact lens with built-in camera

Exploring ideas

  • [ ] Red Team, Blue Team, Purple Team, Hunt Team (it’s getting out of hand)
  • [ ] Moscow Rules | https://ctovision.com/2013/05/moscow-rules-the-original-protocol-for-operating-in-the-presence-of-adversaries-can-be-applied-to-cyber-defense/
  • [ ] Using Tor to log into your own Facebook, which is monitored, to do illegal things
  • [ ] Law Firms as targets because of the sensitive relationships they can protect / reveal
  • [ ] Friends destroyed America | https://medium.com/@thatdavidhopkins/how-a-tv-sitcom-triggered-the-downfall-of-western-civilization-336e8ccf7dd0#.i982a214l
  • [ ] Chat bots, conversation and AI as an interface | http://ben-evans.com/benedictevans/2016/3/30/chat-bots-conversation-and-ai-as-an-interface | I think he answer is to forget about existing technology and ask what we should expect to happen

Tools, talks, papers, and projects

  • [ ] Insurance implications of a cyber attack on the US power grid | https://www.lloyds.com/~/media/files/news%20and%20insight/risk%20insight/2015/business%20blackout/business%20blackout20150708.pdf
  • [ ] [ TOOL ] Netdata | https://github.com/firehol/netdata | sick performance monitoring visualizations
  • [ ] Reverse Proxy Attack Tools, on the Attacker Knowledge Base by Mubix | https://attackerkb.com/Combinations/ReverseProxyAttackTools
  • [ ] Empire Powershell Framework | http://www.powershellempire.com/?page_id=2
  • [ ] Machinae | https://github.com/HurricaneLabs/machinae
  • [ ] Passive Total | https://www.passivetotal.org
  • [ ] OPSEE | https://opsee.com/how
  • [ ] Web Scraping to Create Open Data | https://blog.scrapinghub.com/2016/03/30/web-scraping-to-create-open-data/
  • [ ] Evident.io | http://evident.io
  • [ ] An ultimate XSS polyglot | https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot | will be added to SecLists
  • [ ] Security startups based around using AI for detection capabilities | http://www.darkreading.com/attacks-breaches/how-4-startups-are-harnessing-ai-in-the-invisible-cyberwar-/a/d-id/1324831
  • [ ] Gophish.com
  • [ ] Doork — Open-source passive vulnerability tool | https://www.theguardian.com/technology/2016/mar/14/icann-internet-control-domain-names-iana?CMP=share_btn_tw

Recommended

  • [ ] Stratechery is a strong tech analysis site
  • [ ] Mobile Ate the World | http://ben-evans.com/benedictevans/2016/3/29/presentation-mobile-ate-the-world
  • [ ] Messaging as the killer app | https://stratechery.com/2014/messaging-mobiles-killer-app/
  • [ ] Agility requires safety | http://themacro.com/articles/2016/03/agility-requires-safety/
  • [ ] Advice on speaking at TED | http://waitbutwhy.com/2016/03/doing-a-ted-talk-the-full-story.html
  • [ ] California Data Breach Report | http://www.workplaceprivacyreport.com/wp-content/uploads/sites/162/2016/02/California-Report.pdf

Announcements

  • [ ] The podcast is renamed

Fin

  • [ ] Thank you for listening, see you next time
  • [ ] And if you like the show, please recommend it to your friends

[ Subscribe to the Podcast: iTunes | Android ]

Notes

  1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
  2. Please let me know what you think of the new show concept.

DanielMiessler
© Daniel Miessler 1999-2023


Security, Tech, and Society in 10 Minutes
20 hours of reading and analysis condensed into a 10-minute summary every Monday morning.


Join 55,000+ readers who see the patterns in the noise.