
Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans.
It’s Content Curation as a Service…
I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past week, or a standalone essay that hopefully gives you something to think about.
Security News
This is a description of cyberwar that sounds quite realistic to me, and it’s based around the thousand-cuts idea. Basically, doing a large number of moderately disruptive things—all at the same time—in order to provide a distraction for something more serious. Like taking military control of Taiwan. This is a must-read from The Scholar’s Stage and Mark Cancian. Link
Ring Doorbells have a vulnerability that allows one to capture clear-text videos and other data from the cameras if you can get on the wireless network that the camera is using. This is bad, for sure, but once again I’m confused by the threat model. Who exactly is doing this kind of attack, and for what reason? Again, I’m not saying it’s not bad, and that it shouldn’t be fixed. And it clearly should have never made it to the product in the first place. But like I talk about in this post on threat modeling smart locks, you have to ask yourself what the threat scenarios are. People who freak out without threat modeling are often over-rating new risks and under-rating old ones. Link
An independent security researcher found the Dow Jones Watchlist database sitting open on the internet. The database is full of profiles on people that Dow Jones’ customers should supposedly watch out for, including people that are high-risk, terrorists, etc. Link
Schneier talks here about how easy it is to influence people in sensitive positions, similar to my post on China building a database on us. He talks about a recent exercise where researchers were able to follow European troop movements and even get soldiers to leave their posts—all through social media. Link
The U.S. Cybercommand disabled the Russian IRA’s disruption operations during the 2018 midterm elections. It appears that the reason it was relatively quiet on the cyber-front during that time is because Cybercommand took aggressive action. I’m happy they did, but it’s so strange and interesting that this is the new normal. Link
Trusted Workforce 2.0 is a new security clearance framework designed to address the security clearance backlog of over 550,000 people waiting for investigations to complete. Link
Something Jeremiah Grossman and I have been predicting for years now is the pushing of security technologies by cyberinsurance providers. A reader friend of mine just told me that AIG is providing free Bandura Appliances to people who have their cyberinsurance policies. I think this free offer is the first version, but as providers gain confidence, and as their services become more mandated, they’ll start ratcheting up their recommendations—until eventually it’ll be required. They’ll basically say, “Plug this in and give it access to your data lake (with the help of our friendly auditor engineer), and we’ll tell you in 30 days what your premium will be”. As we’ve been saying for years, it’ll be insurance that discovers security truth first because they’re the ones with the most business need—and means—to do so. Link
The Army wants to give ground combat vehicles Autonomous Targeting Capabilities. Maybe we should figure out autonomous cars first. And doorbell cameras that can’t be trivially compromised. I worry our ideas for autonomous weapons are moving far too quickly for our maturity level. Link
The Pentagon is reducing its number of aircraft carriers from 11 to 10, by retiring the USS Truman twenty years early. The goal is to use the saved money on advanced weapon research. Link
Advisories: Cisco Wireless VPN/Firewall/Routers, Adobe Coldfusion, Ring Doorbell App, Windows IoT Core Devices
⚙️ Technology News
Microsoft Excel has a new feature where you can take a picture of printed tabular data, and it will parse it and import it into an actual spreadsheet. Link
Amazon is releasing the option to set a weekly delivery date to help address climate change. Link
China is using face and voice recognition technologies on their pig populations in an attempt to identify disease early enough to make a difference. Link
LinkedIn is rolling out a salary comparison tool to show users where they could make more money. Sounds like an ingenious way to have people tell LinkedIn what they make. Link
Tesla is looking to close most of its stores and instead sell their cars online. Link
FedEx is about to pilot its autonomous delivery robots. This is the future we knew would happen (autonomous robots zooming around everywhere), but it’s somehow still surprising to see it actually happen. Link
Human News
Walmart is eliminating greeters. Link
A study found Roundup in 95% of tested beers and wines. Link
It’s not really possible to catch up on missed sleep during the week by getting extra on the weekends. Studies continue to show that it takes longer to fully rest the brain. Link
It looks like Facebook may be getting into the Influencer Subscriptions space, where people give money to influencers and the platform gets a cut. But they’re looking to charge 30% as opposed to Patreon’s 5%. Twitch takes half, though, so there’s that. 30% won’t be so bad if everyone is using it, and there’s value in the platform. But without those things it’s not going to work regardless. Link
It looks like the Camp Fire in California was likely caused by PG&E equipment, and they’re already in major financial trouble from fines related to fires in 2017. Link
An interesting analysis on why drugs that work in mice don’t always work in humans. Basically, mice are relatively young and are given problems intentionally, whereas humans develop problems naturally. Link
Ideas, Trends, & Analysis
The Privacy Implications of 5G: Cellular location tracking is about to become a whole lot more precise Link
Microsoft employees are upset about their company’s $480 million HoloLens contract with the Army. But their CEO came out and said that they will continue to do contracts with defense companies in the interest of democracy (basically). That matches up with Bezos’ comments. It’s going to be really interesting to see how much power the collective talent at these companies is going to have relative to their company leadership. Who wins when the top workers say they’ll leave if we don’t stop doing X, and the CEO says we’re doing it anyway? I guess that answer depends on what those employees’ options are elsewhere. It’s all game theory. If Microsoft were the only company doing defense contracting then a lot of conscientious talent would surely leave, but if all the top companies they would jump to are also doing it, there’s no reason to jump. Fundamentally it’s a battle of ideas. When is it ok to supply militaries with better weapons, or governments with better surveillance technologies? And how do you walk the line between not stopping a terrorist attack because X government didn’t have the tech to find them, vs. becoming a partner to oppression in places like Saudi Arabia?
Walmart is eliminating greeters. Never forget that it’s not any corporation’s responsibility to provide jobs. This is about to become one of the most critical misunderstandings of our time. The moment it becomes better for a company to fire everyone, that’s when they’ll do it. The only reason we’ve had jobs this long is because companies needed humans, and that’s about to change for tens of millions of people. If you doubt this, go hang out at a mall on Saturday. Link
For visionary leadership to be effective, the message has to filter down to middle management as well. Link
This is Silicon Valley Link
Discovery
Descript is a word processor for audio. Link
The first documented case of a spider hunting an opossum (video). Link
You can’t get Vitamin D inducing sun exposure through a car window. Link
Scott Helme built a Twitter follower count display using a Raspberry Pi and Python. Link
How to Play a Role-Playing Game Anywhere Anytime Link
A list of companies that don’t do whiteboard job interviews. Link
Coping with Surprise in Great Power Conflicts (Paper) Link
Wireshark 3.0 Released Link
Notes
The New Member Area is Now Live!!! You can now log into danielmiessler.com/members to get continuous and updated access to all member content. I’ve already put up the archive of private newsletters and podcasts, and all new ones will go there as well as additional premium and experimental content. Sorry it took so long, but I’m glad it’s finally available. Link
I’ve now been podcasting for 4 years (I started in January of 2015), and I’ve just made a number of tweaks to the podcast. I’ve changed the intro music, the intro wording, and the outro wording (plus a tiny enhancement of the delimiter sound effect). I am conscious of changing this type of thing too often, but I think the overall effect is subtle, and maintains the same feel. And I think this new text captures the spirit of the show really well. I hope you like the changes, and please let me know either way! Link
I’ve just finished re-reading Sense of Style, and am now starting in on Spy the Lie, which is a book by previous CIA officers that teaches you how to detect deception. Link
Recommendations
Spy the Lie: Former CIA Officers Teach You How to Detect Deception Link
Aphorism
“Education is a better safeguard of liberty than a standing army”.
~ Edward Everett