
This week’s topics: My recap of RSA 2017, Google’s zero-trust implementation, Trump domain hacked, robots doing your taxes, the IoT Security train analogy, the future of authentication, toolswatch best tools of 2016, and more…
This is Episode No. 66 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.
The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.
The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can view and subscribe to or read below.
Infosec news
My RSA 2017 Recap Link
Yahoo! is sending out another round of notifications to users saying there was an issue last year where attackers could create backdoor cookies using internally created software. This creates more questions than answers for me. Link
A U.S. company's toy called My Friend Cayla is a doll that can be controlled via speech recognition and over the internet via an app. Germany has classified the doll as an illegal espionage apparatus and have demanded that German stores stop selling it. The fallout from Snowden continues. Link
There's a new piece of Mac malware that's supposedly linked to the APT28 group that is said to have been associated with election related hacking last year. Link
Google shared their zero-trust network security implementation at RSA last week. Lots of companies talk about this, but they're actually doing it. And it's taken six years to get where they are. Link
IBM researcher Charles Henderson can still follow his car everywhere, even though he solid it a long time ago. Link
Researchers are warning that voice authentication is not good enough, and that it must be combined with other authentication types. I 100% agree. Link
Dutch researchers have found a way to undermine ASLR protection, which could make it much easier to create working exploits. Link
Technology news
A subdomain belonging to Donald Trump was hacked by someone who left a pro-Iraqi message. Secure2.donaldjtrump.com was evidently compromised through a DNS configuration flaw. Link
Apple has purchased an Israeli company called RealFace that specializes in facial recognition. I hope they don't go to this exclusively, as I think it's going to be a lot more error-prone than TouchID. Link
Google Fiber is shrinking massively as it prepares for new connectivity deployments to be mostly wireless. Link
The cost of manufacturing carbon fiber has fallen massively, and the price to consumers is about to follow. Link
Human news
Robots will soon do your taxes. Those jobs are just about gone. Link
Bill Gates is quite worried about bioterror. Link
We don't understand consciousness, and we don't understand quantum physics. Some researchers are starting to ask if that's more than a coincidence. Link
26% of American adults haven't read a book in the past year. I suspect the problem is far worse than that. Link
The extreme nerdiness of hand-drawn infographics. Link
Ideas
IoT Security's Train Analogy Link
Violence and Terror Are Not the Same Link
My article from 2015 on the Future of Authentication Link
With Machine Learning, Batteries Are Often Not Included Link
Discovery
The ToolsWatch best security tools of 2016. Link
An unbelievably great deck by Momentum Partners on big moves in the InfoSec space. Link
DataSploit: Performs various OSINT techniques and organizes results visually and into usable data. Link
A great presentation on starting in IoT hacking. Uses the IOT Security Project that I lead. Link
Combining OpenCanary and DShield. Link
Notes
Here are the slides from my RSA talk on securing Medical Devices using Adaptive Testing methodologies. Link
Here are the slides from my IOAsis talk on implementing Honeytokens throughout the stack without a budget. Link
I'm going through the RSA 2017 vendor list and condensing each interesting technology company into a single sentence. I need someone to pick an alphabet letter and help me clear out the list. I'm currently in the D's (lol). If you want to volunteer for a letter, ping me at danel@danielmiessler.com. Link
I'm about halfway done with the Hamilton biography, and I've just purchased the Federalist Papers as well, which I'll read next. Link
Recommendations
Ensure that your backup strategy is resistant to malware. In other words, if ransomware malware can get to your backups, then you might as well not have any backups.
Aphorism
"By doing just a little every day, you can gradually let the task completely overwhelm you." ~ Unknown
Thank you for listening, and if you enjoy the show please share it with a friend or on social media.