Unsupervised Learning on Smash Notes

Unsupervised Learning podcast.

January 15, 2020

I'm Daniel Miessler, and I spend 5-20 hours a week consuming books, podcasts, and articles around the intersection of security, technology, and humans. Each episode—which is available as both a newsletter and a podcast—is either a curated summary of what I learned in the past week, or a standalone idea that hopefully gives you something to think about.



Recently updated notes

This essay looks at Training as Avoidance, The Toolbox Fallacy, and procrastination, and explores a potential root cause that underpins them all to inhibit creativity.

Support the show: https://danielmiessler.com/support/

Key points in this episode

Encrochat breach, F5 Big Problem, DHS Social Election Query, WastedLocker, India Bans Chinese Apps, Florida DNA Privacy, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show: https://danielmiessler.com/support/

Key points in this episode

Chinese diplomats stealing secrets, COVID flying risk, RT interviewing US cops, Army Ignite future predictors, China launches its GPS network, Russians paid bounties to kill US troops, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Ripple20 IoT Vulns, Homeland Security Surveillance, US Cyber Budget, Adobe EOL, AWS DDoS, Bellingcat Poison Investigation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

How so-called legitimate Data Brokers are a far worse threat to peoples' privacy than cyber-criminals operating on the Dark Web.

Support the show.

Key points in this episode

SMBleed, Republicans. vs. China, Hawkey Surveillance, COVID in August 2019, IBM Facial PR, Palantir NHS, Blockchain Misinformation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

A short essay on how we might get more pleasure from things that take longer to process and attain, and what we can do with that information.

Support the show.

Key points in this episode

COVID-19 Trends, New Zoom Trouble, Facebook Blocking, Chrome Incognito Suit, Retail Rents, Nuclear Contractor Hack, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

US Protests & Unrest, Trump Goes Into the Bunker, NSA Warns on Exim, Octopus Scanner, Stanford's SIO Virality Project, Windows 10 Update, SHA-1 Deprecated in SSH, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Twitter Bots, Face Recognition Headsets, Chrome Bug Memories, Virtual Currency, White House OPSEC, Realtime Language Translation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. He looks at the key findings and talks about what they might mean to us going forward.

Support the show.

Key points in this episode

Feds Release Top Vulns, China Brainwave Tracking, Europe CISSP Masters, Army Electronic Warfare, Microsoft Third-largest Patch Tuesday, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Thunderbolt Attack, Celebrity Ransomware, ClearView Government, Blackhat DEFCON Virtual, War Thunder, 5G Bio Attacks, PC Game Cheating, Zoom Keybase, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

VICE vs. Chinese Surveillance, Indian Contact Tracing, NHS + GCHQ, Banjo Racism, Singapore Requires Check-ins, Bruce on Contact Tracing, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Bay Area Lockdown Til May, The Swedish Approach, California Autopsies, Zoom Security Updates, Palantir Contacts, NSA Web Vulns, GreyNoise Services, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

In this episode, Daniel speaks with Renée DiResta about her work tracking narratives online. They discuss:
The different strains of false information
Her work at the Stanford Internet Observatory
How the same narrative can be used by multiple sides
The origin of the Bill Gates conspiracies
Mapping campaigns to actor strategies
What she recommends others do who are interested in her field
Other topics around disinformation, conspiracy, and narrative tracking

Renée DiResta is the technical research manager at Stanford Internet Observatory, a cross-disciplinary program of research, teaching and policy engagement for the study of abuse in current information technologies. Renee investigates the spread of malicious narratives across social networks, and assists policymakers in devising responses to the problem.

 

 

 

 

 

 

 

Support the show.

Key points in this episode

Flu Simulations, Amazon Thermal Cameras, Facebook Bad Info Tracing, 5G Gates Conspiracies, Google Slows Hiring, Amazon Hires More, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Biogen Superspreaders, African Locusts, Game of Life, Meat Troubles, 5G Conspiracies, Japan Getting Out of China, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Coronavirus unemployment rate, 2 million guns, UK 5G attacks, German Antibodies, Zoom Drama, New Cloudflare Servers, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

So today I’m talking to Leif Dreizler. Leif is a buddy of mine who also works in San Francisco. He’s a developer at a company called Segment, and over the last year or so he’s been telling me about all kinds of cool stuff he’s been working on, how his team is set up, and how they see security teams being built in the future. So we’re going to cover those topics and more in a conversation that ranges from security engineering strategy to solving specific problems through custom tooling.

Support the show.

Key points in this episode

Who's hiring, freezing, and laying off, models predict 100-200K US deaths, April distancing, Adversarial Capital, Booz Russia, Google State Phishes, Worker Monitoring, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… 

Support the show.

Key points in this episode

Health-justified Video Surveillance, FDA Emergency Approval of a C19 Test, Israel Mobile Monitoring, Amazon Essentials, Pandemic Drone Monitoring, Retasking Factories, Rich People Ventilators, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Virus updates, Github gets NPM, New Stimulus, Amazon Hiring 100K, Saltwater Nozzles, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Coronavirus Update, Nation-state Exchange Hacking, FuzzBench, New Artillery, Germ Catapults, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

SARS-CoV-2 update, China's health tracking, Firefox DNS over HTTPS, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

MGM breach, DDoS and Ransomware on the Rise, Twitter v. Bloomberg, Tesla Tape, Russia Pro Trump & Pro Bernie, Tapping Cables, Insider Concern, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Adsense Extortion, OT Ransomware Attack, Ring 2FA, Smart Speaker Jamming Bracelet, DARPA's Flying Gun, Lots of Advisories, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

In this episode I speak with retired Air Force Major General Earl Matthews on the topic of election security. We talk about digital elections, attacking trust in the US system, social media influence campaigns, and possible motives for foreign interference in US elections.

Support the show.

Key points in this episode

Iran DDoS, Jigsaw Picture Validation, 1000 Chinese Espionage Cases, Twitter Deepfake Labeling, Android Bluetooth Vuln, Cisco Discovery Vuln, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

London Facial Recognition, Coalfire Freedom, NYT Reporter Spyware, Avast Sells Customer Data, Google's Bounty Program, Kali 2020, Harvard Chemist Espionage, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Saudi Bezos Hack, MIT Davos AI, Moar Energy Attacks, NIST Privacy, Ohio CISO, Microsoft Data Breach, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Clearview AI Surveillance De-anonymizing Faces, Face Obscuring Tech, Google Cookies, San Diego GE Surveillance, Oregon Selling DMV Data, Windows 7 Done, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

California's Privacy Law, SHA1 exploit, Ransomware Storage, Ring Voyeurs, 20 vs. 2020, ATT&CK ICS, Telecom SMS, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

How increased understanding leads to the creation of better and better tools, and why tools are inexorable from weapons.

Support the show.

Key points in this episode

War with Iran, TikTok, New GIAC cert, Mystery Drones, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Ring Sued, Mean Time to Hardening, APT20 2FA, China Base Pictures, China Satellites, Angled Toilets, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Mobile Tracking, Chinese Drone-Flu Terrorism, Message Spying, Bing Misinformation, 23andMe GlaxoSmithKline, Spam Laws, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Pentagon vendor requirements, Ring camera freakout, Bluetooth Thieves, Palantir Pentagon, Amazon Rekognition, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Vietnamese BMW APT, Defense Contractor Prep, China replacing a culture, HackerOne Cookie Snafu, Chinese Also Worried About Privacy, China Mobile Face, CDC Flu Warning, AWS Sagemaker, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Spam trends, CWE's latest 25, Uber audio recordings, Uber unauthorized drivers, Chinese research theft, Google state-actor notifications, bluetooth burglars, Nixon deepface, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Google health care, Google checking, Github open source, China policy hack, Hactivist bounties, healthcare attacks, facial protests, OSINT CTF, surveillance robots, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Capital fired, DHS biodata, Twitter insiders, Baltimore Cyber Insurance, Airbnb Assessment, Google Play Malware, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Unify drama, Fancy cheating, NSO lawsuits, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

200th episode!, White House cyber vacancies, AT&T SIM bribery, South Africa ultimatum, climate change power crash, Bahgdadi dead, RuNET, NYT insanity, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Stolen Cards Stolen, Autoclerk Hacked, TeamViewer Hacked, Russia Pretending to be Iranian, JackSpotting, Pixel4 Faces, FrenchFacRec, Samsung Fingerprints, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Eye reflection EXIF, WiFi gait, Russian Cyber Clusters, Russia African Americans, China Pressure, VPN drama, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

Yahoo creep, DarkNet, E2E encryption, Cyber talent, RandomDeath, Private Data Property, Eyeballer, plus Technology News, Human News, Ideas Trends and Analysis, Updates, Discovery, Recommendations, and the Aphorism for the week!

Support the show.

Key points in this episode

New York is suing Dunkin (Donuts) for not revealing breaches in a timely manner (going all the way back to 2015), which is says jeopardized their customers. Good for New York. It's one thing to be breached: it's much worse to try to pretend it didn't happen. More

NPR wrote an extraordinary piece on how the US penetrated ISIS' communications infrastructure and basically tore it down from the inside. It includes significant details on the operation, which made me cringe as I read them because they were so descriptive. But what we lost in operational surprise we likely gained in deterrence. More

Uyghurs are playing cat and mouse with the Chinese government on the TikTok platform, with the former using videos to show solidarity while the latter searches for and deletes the content. More

Support the show.

Key points in this episode

Here's the new MITRE 2019 25 Most Dangerous Software Errors. Memory corruption bugs are huge right now. More

There's a ton of recent DDoS activity that's leveraging IoT devices for UDP amplification attacks. Specifically, the WS-Discovery service (WSD) is being used because the response to request ratio is so large (from 43% to 15,000%). More

There's a lot of chatter out there about Snowden due to his new book coming out, the NSA suing to keep him from making money off of it, him saying he'd like to come home, and him reiterating that he was just trying to do the right thing. Oh, and him saying he's never cooperated with the Russians. This whole situation makes me cautious of anyone with a singular and strong opinion about this, including myself. In 2016 I wrote a short piece about my opinion, and I am pretty much still in the same place with it. In short, if you think he's a hero you're probably wrong, and if you think he's a traitor you're probably wrong. He seems to be some combination of these two things, and from day to day, article to article, and book to book, I simply can't tell how much of which. Book

Support the show.

Key points in this episode

Not sure how this isn't bigger news, but Saudi Arabia shut down half its oil production after a number of drones attacked the largest oil processing plant in the world. Yemeni rebels claimed credit, but the US blames Iran. More

DNS over HTTPS is coming to Chrome as well, so it's not just Firefox. So this is basically where browsers have a preferred DNS server, which works over HTTPS, and ISPs therefore won't be able to see every DNS request that users make. This will be a good thing for reducing the risk of ISPs (and actors with access to their logs) seeing what people are requesting, but it raises questions around filtering, caching networks, and other major components of the status quo. More

A couple of Coalfire Pentester's got arrested and are still in custody for trying to break into a courthouse that they were actually paid to break into. Evidently, it's not clear whether the physical part was in scope or not. So, no, the get out of jail free card wouldn't have helped. Everyone already knows they were doing it thinking it was ok; the question is next steps. And meanwhile they sit in jail, probably spending all their time mentally working on DEFCON slides. More

Support the show.

Key points in this episode

AIG says BEC has overtaken ransomware as the primary claim type against their cyber insurance policies in EMEA, accounting for 23% of claims. More Paper

The NSA Cyber Chief wants to share digital threat information early and often. I like the fact that they're opening up a bit, and I think it's only good for everyone (except bad guys). The more they share the higher the bar is for attackers, and the less time they have to use certain TTPs. This is exactly the type of Government-Industry interaction that we need to be doing more of to stay ahead of China. More

NYU did a report on how social media is likely to be used for misinformation campaigns in 2020. They say Instagram will be a much bigger player this time around, which makes sense given that images are the dominant meme carrier. Article Study

Support the show.

Key points in this episode

Ring has already partnered with over 400 police departments. As you know, I'm torn on this kind of tech. Neighborhood watch can be a good thing, and it can also be a bad thing. Technology tends to magnify both weaknesses and strengths, so it can make neighborhood watch really great, or it can turn it into a nightmare. The problem is that you can easily start on the positive side, build it all the way up, and then in a few legal, policy, and tech changes have it turn into the oppressive form. Some say this is a reason not to do any of this stuff, but I disagree. We know someone is going to do it, so I think the best thing that can be done is to build a benign version and hope it wins in the market. More


People are drawing comparisons between China's social credit system (which is actually multiple systems) and the Silicon Valley's various apps that have internal rating systems. They're saying that these ratings will eventually be used to make decisions about things that matter. Sure, but this has existed throughout human history. Word of mouth, blacklists, etc.: these are all ways of extending the reach of good or bad reputation. I think whenever someone points out the downside of a technology, we should ask ourselves whether that dynamic exists already in the real world, and adjust our opinions accordingly. More

The Pentagon is worried that China will beat the US in AI if we don't create a stronger link between the government and both academia and industry, which China is good at. We basically need to move faster from edge concepts to practical implementations, but it's damn hard to do this when we have all sorts of legal and ethical constraints that China doesn't have. Our caution and morality are a definite weakness in this case. More

Support the show.

Key points in this episode

Protestors in Hong Kong are physically attacking and destroying facial recognition cameras. More

Palo Alto says 7 out of 10 new domain registrations (NDRs) are either malicious or not safe for work, and they encourage companies to block them. More

Lt. Gen. Fogarty is fighting to change the name of Army Cyber Command to Army Information Warfare Command, and to give the group a much larger scope in its mission. More

We continue to see attacks against open source supply chains, in packages like NPM, RubyGems, Webmin, and many others. It's about to become imperative for people to understand—and to be able to validate—the entire chain of trust that a given application sits upon before they use it. There have been many companies in this space in the past, but I expect to see them (and new players) get a lot more attention soon. More

Support the show.

Key points in this episode

The terms intelligence, information, and data are thrown around pretty loosely in most tech circles, and this inevitably leads to people confusing and/or conflating them. What follows is a simple explanation of how the related terms are different from each other, and how they work together.

Support the show.

Key points in this episode

There are some seriously nasty Windows RDP bugs out there. If you have RDP facing the internet, make sure you're patched. And try to get to VPN as soon as possible. More

A huge survey of firmware security has found virtually no improvement over the last 15 years. People seem surprised by this, but it is exactly what I would have predicted based on my analysis here. Basically, for most people not in the industry, our current state is actually fine. More

NYPD has over 82K peoples' DNA in a database, and the program has little visibility and oversight. More

Support the show.

Key points in this episode

Ring is developing two-way relationships with hundreds of police departments in the US. This allows Ring users to be alerted to crime in their area via 911 data, and police departments to pull video from participating Ring devices. This is the type of functionality that most people will see and think, “Wow, I'd love to have that!”, which is why it's going to be very successful. But it's also one tiny step away from something terrifying. More

A number of critical bugs in VxWorks are going to cause issues with infrastructure for years to come. More

DARPA is building a $10 million dollar, open source voting system with a focus on security. More

It looks like China's social credit system might not be a giant monolithic system, but rather a series of siloed experiments. More

Support the show.

Key points in this episode

Marcus Hutchins got off with time-served, and people have feelings. The range basically goes from 'he did nothing wrong', to, 'he should rot in prison'. In my mind this outcome was close to perfect. Remember, he went through two years of hell since being brought up charges, he's still a convicted felon, and he also is largely banned from the US. I think it's good that he admitted guilt, faced consequences, and is being offered a chance to continue giving back to the community. More

Attorney General Barr said recently that companies should put backdoors in their products that bypass encryption, or else the government will pass laws that require it. This is unspeakably stupid. Without even getting into the philosophy of whether the internet can host a private conversation (which requires a warrant to tap), we can just start with the fact that backdoors present a clear and present danger to security, right now, due to the weaknesses of those who create them. If the NSA can be hacked or somehow lose its sensitive tools and materials, there's no company this cannot happen to. Purposefully installing backdoors therefore equates (effectively) to giving such access to attackers. Unacceptable. More

Equifax is offering people $125 dollars in reparations for them losing all your data. But to get it, you have to log in and give a bunch of data about yourself. It's hilarious. They made money offering credit protection after the breach, and now they're going to collect updated information on anyone who wants to collect $125. On Twitter I called this a sadder and more permanent form of giving plasma. More

Support the show.

Key points in this episode

Unpacking the evolution-granted bliss of prep schools and elite institutions, and why they resonate so much with us.

Support the show.

Key points in this episode

The difference between unfairness and bias in machine learning.

Support the show.

Key points in this episode

Lots of people in the security community went silly over the FaceApp application last week, basically saying that you shouldn't be using the application because they'll steal your face and then be able to impersonate you. Oh, and then it turned out to be a Russian company who put out the application, and that made it 100x worse. The problem here is the lack of Threat Model Thinking. When it comes to election security, propaganda discussions, etc., I am quite concerned about Putin's willingness and ability to harm our country's cohesion through memes and social media. But that does not extend to some random company stealing faces. Why? Because before you can get legitimately concerned about something, you have to be able to describe a threat scenario in which that thing becomes dangerous. As I talked about in this piece, pictures of your face are not the same as your face when it comes to biometric authentication. There's a reason companies need a specific device, combined with their custom algorithm, in order to enroll you in a facial identification system. They scan you in a very specific way and then store your data (which is just a representation, not your actual face) in a very specific way. Then they need to use that same exact system to scan you again, so they can compare the two representations to each other. That isn't happening with random apps that have pictures of you. And even if that were the case, they could just get your face off your social media, where those same people who are worried are more than happy to take selfies, put their pictures on profile pictures, and make sure as many people see them as possible. There are actual negative things that can be done with images (like making Deepfakes of you), and that will get easier over time, but the defense for that is to have zero pictures of you…anywhere. And once again you have to ask who would be doing that to you, and why. Bottom line: authentication systems take special effort to try to ensure that the input given is the same as the enrollment item, e.g., (face, fingerprint, etc.), so it will not be easy any time soon to go from a random picture to something that can full a face scanner or fingerprint reader at the airport. People reading this probably already know this, but spread the word: threat modeling is one of our best tools for removing emotion from risk management

A contractor named SyTech that does work with Russian FSB has been breached, resulting in the release of 7.5TB of data on the FSB's various projects. This is obviously embarrassing for SyTech and the FSB, but the leaked projects focused on de-anonymization, spying on Russian businesses, and the project to break Russia away from the Internet, which are all known and expected efforts. So there don't seem to be any big reveals as a result of the leak. More

Someone discovered that a bunch of browser extensions were reading things they shouldn't be, and sending them out to places they shouldn't be. This is not surprising to me. Chrome extensions are like Android apps, which should tell you all you need to know about installing random ones that seem interesting. My policy on browser extensions is extremely strict for this reason. People need to understand how insane the entire idea of the modern web is. We're visiting URLs that are executing code on our machines. And not just code from that website, but code from thousands of other websites in an average browsing session. It's a garbage fire. And the only defense really is to question how much you trust your browser, your operating system, and the original site you're visiting. But even then you're still exposing yourself to significant and continuously-evolving risk when you run around clicking things online. And the worst possible thing you can do in this situation is install more functionality, which gives more parties, more access, to that giant stack of assumptions you're making just by using a web browser. The best possible stance is to have as few people possible with access to your particular dumpster. And that means installing as few highly-vetted add-ons as possible. More

Support the show.

Key points in this episode

An essay on why time can feel like it's speeding up when you get older, and how to slow it back down.

Support the show.

Key points in this episode

Parts of Manhattan had a power outage Saturday night, which happened to be the anniversary of another power outage in 1977. The power company apologized but didn't explain what happened. The hacker in me thinks this could easily be a probing shot by a sophisticated attacker, or a fun prank by amateurs. But the overwhelming odds are on simple failure. Either way, this country needs to get a whole lot more resilient to small attacks, because enough small ones can quickly become a big one. More

Zoom has had a bad week or two. Not only did it have a major vuln, but it turned out to be part of the design, and they moved relatively slowly in addressing it, and then companies started auto-uninstalling it from their OS. They had a lot of momentum going in the space, too. This will sting for sure. More

Facebook will be fined $5 billion over its various privacy catastrophes. More

Marriott is being fined $124 million over the Starwood breach. Real question: how does that compare to their coffee budget? More

Support the show.

Key points in this episode

The Telegraph has found strong links between Huawei employees and Chinese intelligence agencies. The Huawei counter was that this was extremely common among telecom companies, and that it wasn't a big deal. The counter to that counter was, basically, "Well, then why did you try to hide it?" /gg More

The NPM security team caught a malicious package designed to steal cryptocurrency. A lot of these packages work by uploading something useful, waiting until it's used by lots of people, and then updating it to have the malicious payload. My buddy Andre Eleuterio did the IR on the situation there at NPM, and said they're constantly improving their ability to detect these kinds of attacks. Luckily NPM's security team had the talent and tooling to detect such a thing, but think of how many similar companies aren't so equipped. I think any team that's part of a supply chain should be thinking about this type of attack very seriously. More

Federal agents are mining state DMV photos to feed their facial recognition systems, and they're doing it without proper authorizations or consent. To me this has always been inevitable because—as Benedict Evans pointed out—it's a natural extension of what humans already do. You already have wanted posters. You already have known suspects lists. And it's already ok for any citizen or any cop to see any person on that list and report them. In fact it's not just possible, it's encouraged. So the only thing happening here is that process is becoming a whole lot more aware (through more sensors), and therefore more effective. Of course, any broken algorithms that identify the wrong people, or automatically single out groups of people without actual matches, those issues need to be snuffed out for sure. But we can't expect society to not use superior machine alternatives to existing human  processes, such as identifying suspects in public. That just isn't realistic. Our role as security people should be making sure these systems are as accurate as possible, with as little bias as possible, by the best possible people. In other words, we should spend our cycles improving reality, not trying to stop it from happening. More

Support the show.

Key points in this episode

The world being sorted into two different countries—a Green country of the top 10% of income/wealk, and a Red country that's everyone else. These countries are separated not by geography, but by class.

Support the show.

Key points in this episode

I created a new tutorial on OWASP Amass, and just joined the team as a contributor as well. Tutorial

Chinese hacking groups have been embedded deep inside multiple major US tech firms for many years, including Fujitsu, Tata, NTT, Dimension Data, and HPE. The first thing you should be thinking is where else they are today. More

Amazon is getting heavier into the SIEM space (and perhaps others) with their new Amazon Security Hub offering. It takes in lots of event types from various AWS services, and surfaces what it thinks is most important. Of course, it doesn't do this for other product types, i.e., non-AWS stuff, but that could come eventually. More

Amazon also launched a new service that lets you monitor your AWS VPC traffic. And lots of vendors are announcing their support for it. More

Support the show.

Key points in this episode

There's a Linux vulnerability called SACK Panic (among other names) that takes advantage of a kernel feature called Selective ACK. The feature lets systems tell the other side of the conversation how much data it's received, and it turns out it can be overflowed or fuzzed. The former creates a crash, and the latter creates a slowdown. You should patch. And if you have any services facing the internet running Linux, you should definitely patch. More

A Florida city paid $600,000 in bitcoin to get access to their data back from a ransomware gang. More

Magic Leap is suing former engineer Chi Xu for allegedly using his knowledge of the headset to make a version for China. More

The average security group is running over 50 security tools. As my friend Jeremiah once said when looking at a Momentum Partners slide, "Are we secure yet?" More

Amazon just got a patent for using delivery drones for surveillance. I don't necessarily think that means they'll use delivery drones for surveillance though. That's what a lot of the conspiracy theorists will say, though—just based on them getting a patent for using delivery drones for surveillance. Actually, the patent is a bit more benign than my joke implies. It's designed to monitor opted-in people's property, a lot like a house camera or a Ring device. Makes sense. But still. More

Support the show.

Key points in this episode

The US is supposedly ramping up attacks against Russian power grid through the use of new cyberattack powers granted by Trump. I am happy to hear of this, but it's an example of where we as outsiders can only know a tiny fragment of the story. But any signs that this administration sees Russia as a foe, and are treating it as such, are positive in my view. More

Adobe is entering the deepfakes arena by showing off research tools designed to detect manipulated photos. More

Target stores have been hit by major outages. More

Many places are using very granular bluetooth beacon tracking to watch you move throughout their businesses, including airports, malls, subways, buses, gyms, hotels, festivals, museums, etc. More

The US is going after ethnic Chinese researchers in the medical field, and specifically at cancer centers. I'm all for becoming more aggressive towards the Chinese government pilfering the world's intellectual property, but, um, cancer research is one thing that I think it's ok to spread widely. It's not like they're stealing the only copy of the research; they're just sharing it. Maybe I'm missing something, but if that something is just about who makes the profit, then I'm calling Meh. More

Firewalling outbound DNS could save companies billions. Yes! I've been on about this for years. More

Support the show.

Key points in this episode

Some absolutely fascinating research has just come out on what percentages and types of vulnerabilities are actually exploited in the wild. It found that only 5.5% of vulnerabilities discovered between 2009 and 2018 were actually exploited, with most of those being issues with a CVSS score of 9 or 10. The best part of the paper, however, was a discussion of optimal patching strategies, where they looked at different methodologies for what to patch and measured them against each other based on coverage (no misses) and efficiency (not patching what you don't have to). Options included patching by CVSS, whether or not there are public exploits, by vulnerability tags, etc. The ML model performed best, but it seemed that patching the CVSS 7 and above was decent as well, and for more efficiency but less coverage—CVSS 9 and above. Super interesting paper. More

The US is going to start requiring 5 years of social media account history from Visa applicants, as part of the filtering process. I'm genuinely curious as to how effective this is going to be. On the one hand, there will now be a market for creating and maintaining fake social media accounts that people can use for this purpose. But on the other hand, there will be many who don't want to go to that effort and either won't try to come, or will get caught in the filter. As with most things, the efficacy will come down to execution. More

A team at Stanford has made it possible to edit video using a text editor. So, editing the things that were said by the actual subject, to say something else entirely, but having it seamlessly injected into the video so it looks completely natural. More

Support the show.

Key points in this episode

An argument that we should acknowledge grit as one of the most powerful causal factors in success, and figure out ways to bring its benefits to everyone.

Support the show.

Key points in this episode

A concise explanation of why software continues to have security and quality problems after decades of supposedly trying to address the problem.

Support the show.

Key points in this episode

The Deepfakes thing is already starting to have an impact, and it didn't even involve actual Deepfake (GAN ML) technology. A video was spread of Nancy Pelosi speaking very slowly and seeming to stumble over her words, which made her look quite bad. The video was virally shared throughout social media on the right. Problem is, it was intentionally slowed down to make her look old/stupid/crazy. What this shows us is that it's not the machine learning that makes Deepfakes dangerous; it's the willingness of a massive percentage of the US population to believe total garbage without an ounce of scrutiny. It doesn't matter if Deepfakes can be shown to be fake because people are matching evidence to their emotions, not the other way around. The vulnerability is our ignorance and cynicism, not a spoofing technology. And as I wrote about a couple of years ago, this will be used as a weapon against us. More Essay

A real estate insurance website for First American Financial Corp was vulnerable to a simple IDOR (where you change the account number in the URL to get another account), and it evidently resulted in the exposure of hundreds of millions of insurance records that included extremely sensitive information. IDOR is still one of the most common and dangerous vulns a web app can have, and for companies like this they can be devastating. More

The US Military is trying to learn how popular movements form and evolve, and to do so they're studying 350 billion social media messages. But it's a Bloomberg article, so maybe they're actually studying bullfrogs for clues about hypertension. More

Moody's has downgraded Equifax's rating in some significant part due to its 2017 cyber breach. This is noteworthy because until now, breaches have largely been spackled over in terms of the major financial perspective and at the 6-24 month timescale. This is a positive indication that companies could actually start taking cybersecurity more seriously, and not just at the CISO and IT level, but from the boardroom down. More

Advisories: TP-Link Routers

Support the show.

Key points in this episode

Trump has semi-banned the use of foreign telecom gear, which is really a direct shot at Huawei and China. more

Baltimore’s IT systems are still being held hostage after 2 weeks. Of all the cities in the world that I could imagine this happening to, Baltimore is towards the top of the list. If you don’t have good schools or a good police force, I don’t expect you’d have good IT security hygiene either. more

Crime is so bad in Mexico that people buy fake mobile phones so they can give them to muggers instead of their real one. I have to assume this is also happening in Brazil. more

This is a stunning audio Deepfake of Joe Rogan doing a few different routines. It sounds exactly like him. Not a little bit. Exactly. Now imagine that for politicians and celebrities, where there is plenty of source material to train from. We’re about to move to a world where you can only trust authenticated voices and personalities, using sources and clients that are trusted to serve you their actual content. Expect a massive industry around serving authentic content and detecting fakes. more

Salesforce had to disable access to millions while the fixed an access control issue that allowed open reading of tons of customer data. more

Support the show.

Key points in this episode

My Takeaways from the 2019 DBIR Report My Summary The Report

The DOJ has unsealed the indictment against those who they believe hacked Anthem in 2015, and they are Chinese Nationals. They didn't reveal the suspected motive, however. But as I wrote about last year, I don't think we need an explanation. I think it's obvious. More

An Airbnb host in China has been arrested for watching guests using a hidden camera. More

The Mossad has released an interesting challenge in something of a spy CTF style. More

Chinese scientists have created a small, portable camera system that uses LIDAR to resolve human features from up to 28 miles away. Good news—it also penetrates smog. More

Support the show.

Key points in this episode

A short essay that attempts to wrap a simple narrative around what's happening with the exodus of the New Left, and what it's doing to the moderate left, center, and right that they left behind.

Support the show.

Key points in this episode

Deepfakes are about to seriously erode our collective ability to tell truth from fiction, and this is already a big enough problem without them. Think of every problem you care about, and realize this represents an exponent on each one. This video captures it extremely well. Link

Slack has warned the world that it's being targeted by Nation State actors. I'm glad they said it, but we already knew that. Think of what an attacker could get if they could access any company's internal Slack communication without being detected. Link

Scientists have captured the brain waves of someone hearing speech, run that through an algorithm that created it's own speech from the recordings, and got a 75% recognition rate from humans on that speech. So the algorithm knew what the person heard, and turned that into spoken language that people actually understood. The next step is for the algorithm to know what people thought, instead of heard. In other words, machine learning is taking very close to mind-reading—but we still have potholes and cancer. Link

Support the show.

Key points in this episode

Today's standalone episode of Unsupervised Learning is a political conversation with Jeremiah Grossman, who many of you will know as the founder of Whitehat Security, current CEO of BitDiscovery, Jujitsu Blackbelt, and all-around great individual.


In this episode, however, we’re not going to be talking about Information Security, but Politics. We have remarkably different and similar views on politics, which we’ve been discussing in private for years, and we thought now was the perfect time to show that it’s possible to disagree with someone, respect them, and have a conversation about those disagreements in a positive and useful way.


This is the first experiment of this kind on Unsupervised Learning, and I’m quite pleased with how it turned out. So with that, Here’s Jeremiah Grossman.

Support the show.

Key points in this episode

Amazon has many thousands of people doing quality control on Alexa, meaning that they're listening to incoming audio captured on Echo devices. This shouldn't be surprising. The question is how they're doing it, and what policies they have around privacy when doing so. I don't personally see a major problem here. But at the same time I'd never put a Facebook device in my home. To me it's more about the company and its incentives than anything else. Link

A number of FBI-affiliated websites were hacked, and information on thousands of federal agents and law enforcement officers are now being sold online. Link

Chinese schools are using facial recognition on students, and using ML to determine whether or not they're currently paying attention, distracted, etc. Link

Sift is a service that builds a risk profile on you so merchants can determine whether you're a benign actor or someone about to commit fraud. I think people need to accept that continuous risk scoring for people and situations is both inevitable and actually already happening. The moment you try to block bad actors by looking at their behavior, you quickly end up with a score that determines action based on various thresholds. And the moment you do it for bad actors, you're kind of implicitly doing it for good actors as well. There are better and worse ways to approach this, but profile scoring is not something we're going to be able to avoid going forward. Let's accept this reality and start having the conversations about how to make (and keep) this functionality as benign as possible. Link

A Dutch F-16 was damaged by rounds from its own 20MM cannon. So it fired bullets, and then flew into them. Life is awesome. Link

Support the show.

Key points in this episode

Mastercard is looking to create a Digital ID service that can bind your digital presence to your mobile device, which will be able to verify you to various services.

Palantir has won an $800 million contract to build the next combat intelligence system (to replace DCGS-A) for the Army.

Putin appears to be causing brain drain in Russia.

Dropbox has an interesting proposal for improving vendor security assessments. TL;DR: They turned their requirements into contractual points. LOVE IT. 

Support the show.

Key points in this episode

Multiple governments have now blacklisted Huawei, which Huawei seems very confused by. The best explanation I've heard so far about why this move makes sense for western countries came from Rob Joyce of NSA. He basically said that just like Kaspersky in Russia, the reason you can't trust Huawei is that it's a Chinese company, and even if they're not already infiltrated by the Chinese government, they can be at any moment without anyone knowing that it happened. And there's nothing Huawei or anyone else could do to stop it. Strong argument. Link

2/3 of Android antivirus apps are hot garbage. Gasp. Link

DARPA is building an open-source, secure voting system. That's their goal, anyway. I'm skeptical of being able to build truly secure systems, but I have lots of confidence in DARPA, and I also know the bar for improvement over the current state is quite low. So, yeah, go forth and prosper. Link

The RAND Think Tank conducts wargames between the U.S. and its potential enemies, such as Russia and China, and one analyst said that we keep losing. The issue seems to be that our key advantages can be neutralized rather easily, and it'd take a lot of money to fix the biggest issues. Link

Support the show.

Key points in this episode

This is a description of cyberwar that sounds quite realistic to me, and it's based around the thousand-cuts idea. Ring Doorbells have a vulnerability that allows one to capture clear-text videos and other data from the cameras if you can get on the wireless network that the camera is using. An independent security researcher found the Dow Jones Watchlist database sitting open on the internet. Schneier talks here about how easy it is to influence people in sensitive positions, similar to my post on China building a database on us.…

Support the show.

Key points in this episode

OpenAI text spoofing, Twitter DMs, Chinese tracking database, Ponemon Cyber Risk Score, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Key points in this episode

My takeaways from ENIGMA 2019—one of my two favorite conferences in the world.
The US has charged Huawei with stealing trade secrets, money laundering, and fraud. This escalates the already tense situation with China on a number of fronts.
An engineer does a Twitter thread on AI-created videos on YouTube. He describes how they are created, promoted, and selected for display in recommendations. Fascinating read. This is a video of thieves scanning a BMW key fob through the wall of the owner's house, and driving away in their car. It could be that proximity-based security devices might need a trigger event (from the owner) before becoming active, like for mobile payments.

Support the show.

Key points in this episode

We just released the 2018 version of the OWASP Internet of Things Top 10, and in this episode I talk you through the list and give the philosophy, methodology, and next steps for the project.

Support the show.

Key points in this episode

German politicians hacked, NSA's new RE tool, Weather Channel tracking, sick TSA agents, Facebook dust tracking, Technology News, Human News, Ideas, Discovery, Recommendations, and the weekly Aphorism…

Support the show.

Key points in this episode

Google+ breach, Android flaws, China's long game against the US, Australia's encryption blunder, NYPD drones, and more…

Support the show.

Key points in this episode

Ukraine malware, China's Black Mirror, DARPA's Mosaic, FBI trolling, Silicon Valley jobs, Technology News, Human News, Ideas, Trends, & Analysis, Discovery, Notes, Recommendations, and the weekly Aphorism!

Support the show.

Key points in this episode

OWASP IoT Top 10 Draft, Facebook compromise, Fornite cheating, Pentagon weapons, spam calls, technology news, human news, ideas, discovery, recommendation, and the weekly aphorism…

Support the show.

Key points in this episode

AMA Summer 2018, Security News, Technology News, Human News, Ideas, Discovery, and the weekly Recommendation and Aphorism…

Support the show.

Key points in this episode

TLS 1.3, BurpSuite Improvements, Google Ad Database, Russian Attack Sattelites, Amazon Theaters, Google AI Cooling, Wheat Genome, Giant Magellan Telescope, Carb Ratios, Leg Exercise and Cognitive Health, Ideas, Discovery, Notes, Recommendations, and the weekly Aphorism…

Support the show.

Key points in this episode

GRU ATT&CK analysis, Assange to the UK, Cisco backdoors, DARPA electronics, faces from genomes, viz.ai, open plans are bad, Best Buy consulting, ultrasound vs. dementia, 4 day work weeks, ideas, recommendations, and the aphorism of the week!

Support the show.

Key points in this episode

Twitter deleting accounts, deepfakes, location leaks, Rekognition, bio databases, juggalo makeup, iOS 12 security, Siri upgrades, and more…

Support the show.

Key points in this episode

Predicting your credit rating based on the tech you use, Russians attack Germans, WPA3, China bird drones, AT&T and Verison to stop selling our location data, Facebook red team, Twitter Smyte, plus tech, humans, discovery, and more…

Support the show.

Key points in this episode

Reboot your router, China hacked a U.S. Navy contractor and stole around 600GB of top secret data. Newark, NJ is monitoring much of the city with surveillance cameras, and they're making the camera footage available to the public. Facebook also shared data with a number of Chinese companies. Tech, Humans, Ideas, Discovery, Reconmendations, Aphorism… 

Support the show.

Key points in this episode

Pentagon background checks, China using machine learning in schools, Rusian ethnicity detecting AI, US Military presence in Africa, Atlanta lost dashcam footage, Kidnapping insurance, Technology News, Ideas, Recommendation, Aphorism, and more…

Support the show.

Key points in this episode

VPNFilter botnet, Echo private convo, Ghostery GDPR fail, PornHub VPN, Technology News, Human News, Ideas, Trends, & Analysis, Discovery, Recommendations, the weekly Aphorism, and more…

Support the show.

Key points in this episode

VPNFilter botnet, LA + Palantir, Amazon Surveillance, Momentum report, Clapper says Russia turned the election, Chinese supply chain attacks, Tech News, Human News, Ideas, Discovery, Recommendation, the Aphorism, and more…

Support the show.

Key points in this episode

Regulators aren't staffed to audit you on GDPR, inaudible Siri and Alexa commands, iOS 4 is bringing lots of privacy updates, California DNA storage, technology news, human news, Ideas, recommendation, the weekly aphorism, and more…

Support the show.

Key points in this episode

How enterprises are completely ignoring the security activity that could help the most.

Support the show.

Key points in this episode

It's 2 billion users now, Liinux beep, Digital Shadows finds fail files, cloud misconfiguration, AlterEgo, AI applications, Alexa sending payments, Tech, Ideas, Recommendation, Aphorism, and more…

Support the show.

Key points in this episode

Atlanta disabled, MyFitnessPal hacked, Cambridge Analytica election tampering, Drupal, Saks, DARPA drones, Cloudflare 1.1.1.1, Slack bosses, Democratic Chinese AIs, Georgia facepalm, tech, humans, ideas, and more…

Support the show.

Key points in this episode

Chinese at CanSecWest, Applebees POS, Palantir, Poisoning, TensorFlow DoD, Amazon laughing, Google 72-qbits, Amazon FinTech, Android P, and more…

Support the show.

Key points in this episode

GitHub DDoS, Celebrite Attacks, AI warnings, Palantir in New Orleans, Grub Backspace, 4G attacks, Space Corps, Amazon wins Defense Department deal, tech news, human news, discovery, notes, recommendation, aphorism, and more…

Support the show.

Key points in this episode

Parkland tampering, Avoid Huawei, Bongo S3, Facebook 2FA Spam, Android Cryptojacking, Spyware Hacking, Password Dating, Technology News, Human News, Trends, Ideas & Analysis, Data & Statistics, Discovery, Recommendations, Aphorism, and more…

Support the show.

Key points in this episode

Chinese AR glasses, Cisco ASA flaws, Russian Nuclear Cryptomining, Marine quadcopters, POS Skimmers, Chrome HTTP, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…

Support the show.

Key points in this episode

Olympic security drones, Alexa trickery, Chinese quantum satellite, Audio Adversary Examples, BeeToken Ethereum theft, App Store Security, Cryptomining, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…

Support the show.

Key points in this episode

Social engineering, breach impact, Chinese turncoat, Android spy kit, Hawaiian OPSEC, Russian cables, bypassing CloudFlare, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…

Support the show.

Key points in this episode

Meltdown & Spectre, India's Database, Criminals and Monero, Equifax Non-action, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…

Support the show.

Key points in this episode

Many people, in many fields, think Machine Learning won't replace their analysts because their humans are better than an algorithm. But it's not just about side-by-side comparisons. The bigger question is, "what percentage of the data can humans actually look at?", and the answer to that question (a tiny fraction) is the reason ML will be so helpful.

Support the show.

Key points in this episode

How it's shortsighted and irresponsible for InfoSec professionals to fear-monger on IoT Security, and what we should be saying instead.

Support the show.

Key points in this episode

Swatting death, Ethereum kidnap, Chinese dystopia, Alteryx S3 bucket, Starbucks Monero, Forever21, Microphone ads, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…

Support the show.

Key points in this episode

TRITON, 1.4 billion credentials, HP keyloggers, iTunes Bitcoin laundering, removing credit card signatures, technologgy news, human news, discovery, notes, recommendations, and the aphorism of the week…

Support the show.

Key points in this episode

NiceHash hacked, Apple bugs, Stealing Cars via Relay, Crypto Collusion, technologgy news, human news, discovery, notes, recommendations, and the aphorism of the week…

Support the show.

Key points in this episode

Uber's mess, Google tracking users, AI finding missiles, drone disclosure, net neutrality, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Github security, China IW, Brexit IW, S3 again, Quad9 DNS security, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Verizon’s DBIR Report, sleeping fingerprints, IoT legislation, S3 security tools, AI tricks scammers, SEALs kill Green Beret, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Russian IW memes, POTUS Twitter, Texas Attack, Silence Trojan, NotPetya Damages, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Information Warfare, AI vs. CAPTCHA, Google Bug Bug, DARPA Drone Swarms, USB Fail, Medical Extortion, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

The InfoSec community needs to learn how to shepherd the public through new technology instead of joining them in fleeing from it.

Support the show.

Key points in this episode

The ways that terrorism and violence are different, and why it's important that we don't confuse them.

Support the show.

Key points in this episode

The Reaper botnet, Google Advanced Email Protection, Bitcoin Over $6,000, Duo's $70 million, Dubai going to facial recognition, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Major WPA2 Flaw, Suburu hack, Vulnerable Container Ships, F-35 Data Stolen, Accenture S3 Buckets, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Russians vs. NSA, ArcSight vs. Russia, DISQUS breach, TrendMicro vulnerability, Stamos, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

IE leak, Whole Foods, Sonic, Apple Open-sources Kernels, Equifax $15 million retirement, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Deloitte hacked, Equifax fumbles, SEC hacked, iCloud ransom, Adobe PGP facepalm, Verizon S3 buckets, CCleaner, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Equifax fallout, BlueBorne, Microsoft RCE, iPhone X, Dumping AWS, Cassini, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Equifax, Hutchins got Krebs'd, Russia used Facebook, Energy hacking, Anti-protester AI, High-pitched Assistant hacking, tech news, human news, ideas, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

465K pacemaker patches, instagram leak, DJI bounty, Marketing departments messing up security news, false dichotomy in complex issues, IRS social media mining, death of the Sun, more fake Wells Fargo accounts, human echolocation, facial gestures as interface, discovery, recommendations, aphorism, and more…

Support the show.

Key points in this episode

Swedish gov leak, OPM hacking arrest, cybersecurity spending $1T, Oreo, Whole Amazon Foods, intelligence genes, false dichotomy of conflicting ideas, OPSEC obscurity, discovery, aphorism, and more…

Support the show.

Key points in this episode

Serious CANBUS issue, Cyber as a branch of the service?, iOS 11 Cop Mode, biometric wearables, Bill Joy battery, bitcoin forking again, ideas, discovery, aphorism, and more…

Support the show.

Key points in this episode

Amazon Macie, APT28, Cuba sonic attacks, Palantir and police, DNA malware, confusing self-driving cars, ideas, discovery, aphorism, and more…

Support the show.

Key points in this episode

The future of security testing, nuclear plant hacks, Android malware, satellite decryption, wildcard certs, military encryption, gsuite protections, WWE S3, tesla 3, jawbone, drone hacking, mental aging, millionare GPAs, discovery, recommendations, the weekly aphorism, and more…

Support the show.

Key points in this episode

Petya ransomware worm, RNC breach, Anthem settlement, Russians want source code, risk ratings, patching, ICOs, ideas, discovery, recommendation, aphorism, and more…

Support the show.

Key points in this episode


0:00
0:00