
Security News
The DHS is launching a new group to protect critical infrastructure. Link
Cisco is buying Duo Security for $2.35 billion. Link
Reddit had a security incident related to SMS 2FA, and their write-up on it is quite solid. I can actually gain trust in a company if they do an incident report well, and I think they’ve done that here. Link
It’s possible to identify individual Twitter users using only metadata. Link
BurpSuite has a new crawler, which allows for automatic session management. As a web app tester, this is fantastic news. Link
A number of sources are reporting that spam is increasing, and one often-mentioned reason is the decline of Adobe exploits. It’s an interesting lesson that economics is about changes and externalities.
CompTIA now has a new penetration testing certification, called PenTest+. Link
Maria Butina—the Russian spy working in the U.S.—evidently blew her cover by getting drunk and bragging. This is very common for Link
Venezuela’s President has survived a drone strike assassination attempt. Link
North Korea is building more nuclear missiles. Link
Russia sold 84% of its U.S. debt between March and May of 2018. Russia said they just wanted to get more into gold, but given the information warfare campaigns they’ve been running against us, I can’t help but jump right to a pre-attack shorting move. No hard data to back that up—just a feeling. Link
Technology News
Draw This is an instant camera that creates cartoons using machine learning. Link
T2F is text-to-face generation using deep learning. You describe a person and it gives you an image. Link
Full genome sequencing is down to around $500 now, at least for this company. I’ll probably give it some time and see how the reviews are before I try it. But I’ll do it soon. Link
40% of VCs went to Harvard or Stanford. Link
BookTubers are YouTube influencers focused on books and reading. Link
Human News
Captain Picard is back in a new Star Trek series! Picard is the epitome of a true leader in my mind, and what I learned from that character continues to inform me even now. I bet he’s going to teach us this time (among other things) about the value of truth and facts in a world full of misinformation. Just a guess. Link
A Stanford study has linked depression to the lack of an over-the-counter supplement called Acetyl-L-Carnitine. Link
There’s a new, elegantly simple card game called The Mind that is attracting a cult-like following. Link
Even mild dehydration can impair cognitive performance and mood. Link
Bacteria are starting to adapt to the alcohol in hand sanitizer. Link
A study by Bank of the West found that almost 70% of millennials regret buying their homes. Link
Japan is urging workers to take Monday morning off to combat overwork. Link
The FDA may soon approve MDMA for treatment of PTSD. Link
France has banned smartphones from classrooms. Link
Young workers aren’t interested in construction jobs. Link
Parents are hiring Fortnite tutors for their kids. Link
Ideas, Trends, & Analysis
Many believe that blogs are less popular (and less read) now because of the shuttering of Google Reader, and the subsequent consolidation of content consumption on platforms like Twitter, Facebook, Reddit, and Medium. Link
I’m reading the Superforecasting book, and the high-level summary of what makes a top-tier predictor is someone who is dedicated to self-improvement. This makes sense to me because it’s consistent with someone who doesn’t cling to the past—including past opinions. When the information changes, your opinion changes with it. Link
Discovery
BurpSuite has a new crawler. Link
Burp’s new crawler has automated session handling. Link
Burp’s new crawler can handle changes in application state. Link
Leonardo Da Vinci’s to-do list from 1490. Link
Notes
I’ll be in Vegas this week for BlackHat / DEFCON, and you should come by the IOAsis to help us celebrate 20 years. We’re at the House of Blues on Wednesday the 8th, and we’ll have a ton of security talks, plenty of hydration and caffeine, as well as massages! And new for this year, we’ll have the EA Experience Gaming Zone, where you can play some of the newest EA games.
I’ll also be available around BH/DC to chat about my Attack Surface Monitoring service HELIOS. TL;DR: it monitors your external attack surface—both on-prem and cloud—and tells you almost instantly when something dangerous gets exposed. So if someone makes a mistake and accidentally puts a database on the internet, leaves a web admin interface out there, exposes data via S3 buckets—and dozens of other types of exposures—you’ll know immediately via API push, Splunk, Slack, etc. Reach out to me here if you want to arrange a chat.
Books I’ve read recently: Subscribed, The Accidental Universe, Venture Deals, Origin Story, The Order of Time, Factfulness. And I’m currently reading Superforecasting.
And thank you so much to those of you who sent in fiction ideas. I received almost a hundred responses on that, and they were fantastic. I now have a solid queue of fiction titles as well! The first two are going to be The Way of Kings and The Blade Itself.
Recommendations
Consider running ssh-keygen -p -o -f $PRIVATEKEY on your passphrase-protected SSH keys. The legacy PEM private key format derives the encryption key from your passphrase with a single round of MD5, so an attacker who steals the file can brute-force the passphrase cheaply; the -o flag rewrites the key in the newer OpenSSH format, which uses a bcrypt-based KDF (tune the round count with -a). Recent OpenSSH releases write the new format by default, but keys generated years ago are still in the old one. Link
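The following shell snippet is an added example, not from the newsletter: it classifies a private key file by its header (so you can find the legacy-format keys worth converting) and wraps the ssh-keygen conversion. It assumes ssh-keygen from OpenSSH 6.5 or later (the first version with the -o format); the sample key files it creates are constructed header-only stand-ins, not real keys.

```shell
#!/bin/sh
# Added example (not the newsletter's own code): spot legacy-format SSH private
# keys and re-encrypt them in the new OpenSSH format with a bcrypt KDF.
# Assumes ssh-keygen from OpenSSH >= 6.5. Sample files below are constructed.

# Print one of: openssh-new, pem-encrypted-md5kdf, pem-unencrypted, unknown
key_format() {
    first="$(head -n 1 "$1")"
    case "$first" in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            echo openssh-new ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN DSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
            # Legacy PEM. An encrypted key carries a "Proc-Type: 4,ENCRYPTED" header;
            # its encryption key is derived from the passphrase with one round of MD5.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo pem-encrypted-md5kdf
            else
                echo pem-unencrypted
            fi ;;
        *)
            echo unknown ;;
    esac
}

# Rewrite a legacy-format key in the new OpenSSH format with 100 bcrypt rounds (-a).
# ssh-keygen prompts for the old passphrase (if any) and the new one.
# Keys already in the new format are left alone.
convert_key() {
    fmt="$(key_format "$1")"
    case "$fmt" in
        pem-*)
            ssh-keygen -p -o -a 100 -f "$1" ;;
        *)
            echo "$1: already $fmt, nothing to do" >&2 ;;
    esac
}

# Constructed sample files (headers only, not usable keys) to exercise key_format.
make_samples() {
    dir="${1:-.}"
    printf '%s\n%s\n%s\n%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF' \
        '-----END RSA PRIVATE KEY-----' > "$dir/legacy_enc"
    printf '%s\n%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        '-----END RSA PRIVATE KEY-----' > "$dir/legacy_plain"
    printf '%s\n%s\n' \
        '-----BEGIN OPENSSH PRIVATE KEY-----' \
        '-----END OPENSSH PRIVATE KEY-----' > "$dir/new_fmt"
}
```

Run `key_format ~/.ssh/id_rsa` to see which format a key is in, and `convert_key ~/.ssh/id_rsa` to convert it. One caveat: some third-party tools (older PuTTY, for example) only read the legacy PEM format, so check anything that consumes the key file before converting it.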
Aphorism
“There are two kinds of fools: those who suspect nothing, and those who suspect everything”.
~ Charles Josef de Ligne