Unsupervised Learning: No. 167


Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans.

It’s Content Curation as a Service…

I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past week, or a standalone essay that hopefully gives you something to think about.

Security News

This is a description of cyberwar that sounds quite realistic to me, and it’s based around the thousand-cuts idea. Basically, doing a large number of moderately disruptive things—all at the same time—in order to provide a distraction for something more serious. Like taking military control of Taiwan. This is a must-read from The Scholar’s Stage and Mark Cancian. Link

Ring Doorbells have a vulnerability that allows one to capture clear-text videos and other data from the cameras if you can get on the wireless network that the camera is using. This is bad, for sure, but once again I’m confused by the threat model. Who exactly is doing this kind of attack, and for what reason? Again, I’m not saying it’s not bad, and that it shouldn’t be fixed. And it clearly should have never made it to the product in the first place. But like I talk about in this post on threat modeling smart locks, you have to ask yourself what the threat scenarios are. People who freak out without threat modeling are often over-rating new risks and under-rating old ones. Link

An independent security researcher found the Dow Jones Watchlist database sitting open on the internet. The database is full of profiles on people that Dow Jones’ customers should supposedly watch out for, including people that are high-risk, terrorists, etc. Link

Schneier talks here about how easy it is to influence people in sensitive positions, similar to my post on China building a database on us. He talks about a recent exercise where researchers were able to follow European troop movements and even get soldiers to leave their posts—all through social media. Link

The U.S. Cyber Command disabled the Russian IRA’s disruption operations during the 2018 midterm elections. It appears that the reason it was relatively quiet on the cyber-front during that time is because Cyber Command took aggressive action. I’m happy they did, but it’s so strange and interesting that this is the new normal. Link

Trusted Workforce 2.0 is a new security clearance framework designed to address the security clearance backlog of over 550,000 people waiting for investigations to complete. Link

Something Jeremiah Grossman and I have been predicting for years now is the pushing of security technologies by cyberinsurance providers. A reader friend of mine just told me that AIG is providing free Bandura appliances to people who have their cyberinsurance policies. I think this free offer is the first version, but as providers gain confidence, and as their services become more mandated, they’ll start ratcheting up their recommendations—until eventually it’ll be required. They’ll basically say, “Plug this in and give it access to your data lake (with the help of our friendly auditor engineer), and we’ll tell you in 30 days what your premium will be”. As we’ve been saying for years, it’ll be insurance that discovers security truth first because they’re the ones with the most business need—and means—to do so. Link

The Army wants to give ground combat vehicles Autonomous Targeting Capabilities. Maybe we should figure out autonomous cars first. And doorbell cameras that can’t be trivially compromised. I worry our ideas for autonomous weapons are moving far too quickly for our maturity level. Link

The Pentagon is reducing its number of aircraft carriers from 11 to 10, by retiring the USS Truman twenty years early. The goal is to use the saved money on advanced weapon research. Link

Advisories: Cisco Wireless VPN/Firewall/Routers, Adobe ColdFusion, Ring Doorbell App, Windows IoT Core Devices

⚙️ Technology News

Microsoft Excel has a new feature where you can take a picture of printed tabular data, and it will parse it and import it into an actual spreadsheet. Link

Amazon is releasing the option to set a weekly delivery date to help address climate change. Link

China is using face and voice recognition technologies on their pig populations in an attempt to identify disease early enough to make a difference. Link

LinkedIn is rolling out a salary comparison tool to show users where they could make more money. Sounds like an ingenious way to have people tell LinkedIn what they make. Link

Tesla is looking to close most of its stores and instead sell their cars online. Link

FedEx is about to pilot its autonomous delivery robots. This is the future we knew would happen (autonomous robots zooming around everywhere), but it’s somehow still surprising to see it actually happen. Link

Human News

Walmart is eliminating greeters. Link

A study found Roundup in 95% of tested beers and wines. Link

It’s not really possible to catch up on missed sleep during the week by getting extra on the weekends. Studies continue to show that it takes longer to fully rest the brain. Link

It looks like Facebook may be getting into the Influencer Subscriptions space, where people give money to influencers and the platform gets a cut. But they’re looking to charge 30% as opposed to Patreon’s 5%. Twitch takes half, though, so there’s that. 30% won’t be so bad if everyone is using it, and there’s value in the platform. But without those things it’s not going to work regardless. Link

It looks like the Camp Fire in California was likely caused by PG&E equipment, and they’re already in major financial trouble from fines related to fires in 2017. Link

An interesting analysis on why drugs that work in mice don’t always work in humans. Basically, mice are relatively young and are given problems intentionally, whereas humans develop problems naturally. Link

Ideas, Trends, & Analysis

The Privacy Implications of 5G: Cellular location tracking is about to become a whole lot more precise. Link

Microsoft employees are upset about their company’s $480 million HoloLens contract with the Army. But their CEO came out and said that they will continue to do contracts with defense companies in the interest of democracy (basically). That matches up with Bezos’ comments. It’s going to be really interesting to see how much power the collective talent at these companies is going to have relative to their company leadership. Who wins when the top workers say they’ll leave if we don’t stop doing X, and the CEO says we’re doing it anyway? I guess that answer depends on what those employees’ options are elsewhere. It’s all game theory. If Microsoft were the only company doing defense contracting then a lot of conscientious talent would surely leave, but if all the top companies they would jump to are also doing it, there’s no reason to jump. Fundamentally it’s a battle of ideas. When is it ok to supply militaries with better weapons, or governments with better surveillance technologies? And how do you walk the line between not stopping a terrorist attack because X government didn’t have the tech to find them, vs. becoming a partner to oppression in places like Saudi Arabia?

Walmart is eliminating greeters. Never forget that it’s not any corporation’s responsibility to provide jobs. This is about to become one of the most critical misunderstandings of our time. The moment it becomes better for a company to fire everyone, that’s when they’ll do it. The only reason we’ve had jobs this long is because companies needed humans, and that’s about to change for tens of millions of people. If you doubt this, go hang out at a mall on Saturday. Link

For visionary leadership to be effective, the message has to filter down to middle management as well. Link

This is Silicon Valley. Link

Discovery

Descript is a word processor for audio. Link

The first documented case of a spider hunting an opossum (video). Link

You can’t get Vitamin D inducing sun exposure through a car window. Link

Scott Helme built a Twitter follower count display using a Raspberry Pi and Python. Link

How to Play a Role-Playing Game Anywhere Anytime. Link

A list of companies that don’t do whiteboard job interviews. Link

Coping with Surprise in Great Power Conflicts (Paper). Link

Wireshark 3.0 Released. Link

Notes

The New Member Area is Now Live!!! You can now log into danielmiessler.com/members to get continuous and updated access to all member content. I’ve already put up the archive of private newsletters and podcasts, and all new ones will go there as well as additional premium and experimental content. Sorry it took so long, but I’m glad it’s finally available. Link

I’ve now been podcasting for 4 years (I started in January of 2015), and I’ve just made a number of tweaks to the podcast. I’ve changed the intro music, the intro wording, and the outro wording (plus a tiny enhancement of the delimiter sound effect). I am conscious of changing this type of thing too often, but I think the overall effect is subtle, and maintains the same feel. And I think this new text captures the spirit of the show really well. I hope you like the changes, and please let me know either way! Link

I’ve just finished re-reading Sense of Style, and am now starting in on Spy the Lie, which is a book by previous CIA officers that teaches you how to detect deception. Link

Recommendations

Spy the Lie: Former CIA Officers Teach You How to Detect Deception. Link

Aphorism

“Education is a better safeguard of liberty than a standing army.” ~ Edward Everett
