This is episode No. 89 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…

This week’s topics: Serious CANBUS issue, Cyber as a branch of the service?, iOS 11 Cop Mode, biometric wearables, Bill Joy battery, bitcoin forking again, ideas, discovery, aphorism, and more…




Infosec news


A serious flaw in CANBUS has been discovered that allows an attacker locally connected to a vehicle to take critical systems offline, including components like airbags, brakes, etc. The attack works by spamming error messages to the system, which, because of how CANBUS works, causes that component to be taken offline. So it’s essentially a flood of error messages that causes a denial of service for a specific subsystem. The good news is that you have to be local, or otherwise have direct access to the CANBUS, to carry out the attack. The bad news is that there isn’t a fix other than fixing the CANBUS specification and having that update propagate through the purchase of new cars. Link
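To make the "taken offline" behaviour concrete from a monitoring point of view, here is an added example that is not from the podcast or the linked research. It replays a constructed per-node event log through the error-confinement counters that classic CAN (ISO 11898-1) defines: a node's transmit error counter goes up by 8 on each transmit error and down by 1 on each good transmission, the node becomes error passive above 127 and drops off the bus entirely above 255. That bus-off rule is what turns a flood of errors into a subsystem outage. The node IDs, timestamps and events are made up, and the assumption that a bus monitor can attribute error events to a transmitting node is mine; a real gateway or IDS would have to reconstruct that from the error flags it sees on the wire.

```python
from collections import defaultdict

# Error-confinement thresholds from ISO 11898-1 (classic CAN): a node whose
# transmit error counter (TEC) exceeds 127 becomes "error passive", and one
# whose TEC exceeds 255 goes "bus off" and stops transmitting entirely.
ERROR_PASSIVE_LIMIT = 127
BUS_OFF_LIMIT = 255

# Per-event counter rules from the same standard: +8 on a transmit error,
# -1 on a successful transmission (never below 0).
TX_ERROR_INCREMENT = 8
TX_OK_DECREMENT = 1

# Constructed sample log, not a real capture. Each entry is
# (timestamp in seconds, transmitting node ID, event). Node IDs are made up:
# one healthy node sending normally, one node hit by a burst of errors.
HEALTHY_NODE = "0x2B0"
VICTIM_NODE = "0x1A0"
SAMPLE_LOG = sorted(
    [(round(0.1 * i, 2), HEALTHY_NODE, "tx_ok") for i in range(10)]
    + [(0.05, VICTIM_NODE, "tx_ok"), (0.15, VICTIM_NODE, "tx_ok"), (0.25, VICTIM_NODE, "tx_ok")]
    + [(round(0.30 + 0.01 * i, 2), VICTIM_NODE, "tx_error") for i in range(32)],
    key=lambda e: e[0],
)


def track_error_state(events):
    """Replay per-node events through the CAN error-confinement counters.

    Returns (tec_by_node, state_by_node, transitions), where transitions is a
    list of (timestamp, node, old_state, new_state) in the order they occur.
    """
    tec = defaultdict(int)
    state = defaultdict(lambda: "error_active")
    transitions = []
    for ts, node, event in events:
        if state[node] == "bus_off":
            # A bus-off node cannot transmit until it completes recovery;
            # any further events for it are ignored in this model.
            continue
        if event == "tx_error":
            tec[node] += TX_ERROR_INCREMENT
        elif event == "tx_ok":
            tec[node] = max(0, tec[node] - TX_OK_DECREMENT)
        if tec[node] > BUS_OFF_LIMIT:
            new_state = "bus_off"
        elif tec[node] > ERROR_PASSIVE_LIMIT:
            new_state = "error_passive"
        else:
            new_state = "error_active"
        if new_state != state[node]:
            transitions.append((ts, node, state[node], new_state))
            state[node] = new_state
    return dict(tec), dict(state), transitions


def error_bursts(events, window_s=1.0, threshold=5):
    """Flag nodes that accumulate `threshold` transmit errors inside a sliding
    window of `window_s` seconds. Returns {node: (first_alert_ts, count)} for
    the first moment each node crossed the threshold. Healthy CAN traffic shows
    isolated errors, so a sustained burst is the signal worth alerting on,
    well before the counters reach the bus-off limit."""
    recent = defaultdict(list)
    alerts = {}
    for ts, node, event in events:
        if event != "tx_error":
            continue
        window = recent[node]
        window.append(ts)
        while window and ts - window[0] > window_s:
            window.pop(0)
        if len(window) >= threshold and node not in alerts:
            alerts[node] = (ts, len(window))
    return alerts


if __name__ == "__main__":
    tec, state, transitions = track_error_state(SAMPLE_LOG)
    for ts, node, old, new in transitions:
        print(f"t={ts:.2f}s node {node}: {old} -> {new}")
    for node in sorted(state):
        print(f"node {node}: final state {state[node]}, TEC={tec[node]}")
    for node, (ts, count) in error_bursts(SAMPLE_LOG).items():
        print(f"t={ts:.2f}s node {node}: {count} transmit errors within 1s")
```

With the constructed log, the victim node crosses into error passive on its 16th error and goes bus off on its 32nd, while the burst detector raises an alert on the 5th error, a few hundred milliseconds earlier. Since the spec itself cannot be patched in cars already on the road, that kind of early error-rate alert is one of the few things a vehicle-side monitor can still do.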

Cyber Command has been elevated in stature, and is one step closer to potentially separating from the NSA and/or becoming its own branch of the military. I think doing the latter would be excellent, and fitting, since the other branches are organized by physical attack surface. Cyber (still not used to saying that) isn’t air, land, or sea—it’s its own thing. And having its own branch would help make people take it seriously in terms of staffing, budget, and—most importantly—recruiting. Link

Apple is adding an option in iOS 11 to disable TouchID, supposedly so that law enforcement cannot demand that you unlock your phone with your fingerprint. Evidently there are a number of laws that say it’s illegal for them to ask you to enter a passcode, but it’s legal for them to require you to authenticate via touch. So Apple is making it so that you can disable that if you are crossing a border, etc. Love it. Link

The U.S. Army is looking to use biometric wearables to provide continuous authentication for warfighters. This is something I’ve been writing about for a number of years now. Link Link

Researchers have found a way to use sonar to determine what a person is doing, potentially including walking around, having sex, etc. The method of broadcasting the sound is through a malicious Android app, though, so I think that takes a bit of the sting out of it. If you can get someone to install a malicious Android app you can probably do a lot of things to them. Link

50% of ex-employees can still access the corporate apps for the company they left. This comes down to asset management and deprovisioning. Basics. Fundamentals. It’s the same story over and over. Link

Patching: Drupal, CISCO APIC


Technology news


It looks like Bill Joy, the author of Vi and Sun pioneer, may have revolutionized the battery. He’s essentially found a way to use solids instead of liquids, which is going to massively help Lithium-Ion and then Alkaline batteries after that. It looks to be a revolutionary breakthrough, and he’s predicting 2-3 years for general availability. Link

72% of consumers don’t know what Net Neutrality is. We should really stop thinking the problem is government or corporations or policy. The problem is having a population of idiots. Most problems start and end with the stupidity of the masses. Link

A former Netflix executive has a company called MoviePass, where you pay a monthly subscription (around $11) to be allowed to go to one free movie per day at a theater. I think this is one of those great ideas that could never work in this form, or at least not at scale. Theaters would simply not honor it because they’d lose too much money. Although, if they make most of their money from food and drinks maybe there’s a possibility. I’d love to see a version that does work, though. Link

A third fork of Bitcoin is about to happen in November. Like the previous fork, it’s designed to solve the problem of transactions taking a long time to process, but it does so in a different way. Instead of having 8MB block sizes and no Segregated Witness, the new fork will have 2MB blocks and include Segregated Witness. All three are technically still Bitcoin, although that could change based on popularity of the three over time. Link

People are excited to see that Elon Musk’s AI bot has defeated top DOTA2 players at the annual International tournament in Seattle. I went with my buddies, and it was great. Anyway, the story isn’t as cool as it sounds. The bot only beat humans in 1v1, not 5v5, which is how the game is normally played. And the bot had to be given its initial instructions from a human. So what it excelled at was perfectly knowing distances it could use its abilities, etc., which are things it should obviously be better than humans at. It’s still cool, but until it can beat a top team at 5v5 it’s not a Chess or Go level story. Link

Netflix plans on spending 7 billion on original programming next year, which is after spending 6 billion in 2016 and 5 billion in 2015. Link

Apple is looking to spend 1 billion on original content over the next year. Link


Human news


Iceland as a country has basically decided that a life with Down Syndrome is not worth living, and they are close to eradicating the disorder through abortion. Much of the world is reacting very poorly to this policy, basically calling it eugenics all over again. The argument is where to draw the line. Deafness? Less serious issues? Slippery inclines, as it were. My personal opinion on this is that I think it’s ok for parents to make that choice for Down Syndrome, but I definitely see the problem of where to make the decision for other, less severe issues. Link

According to a survey by ApartmentList, 83% of renters in the Bay Area say they plan to leave the area. Their top complaints were cost of living and lack of high-paying jobs. Link

A professor at the University of Bonn has proposed a solution to the P != NP problem, but the mathematics community is not even close to accepting it as valid. It will take weeks or months to fully analyze the paper and to arrive at a general consensus on whether it will stand or not. The early guesses are that it will not. Link

We look to be closing in on a solution to peanut allergies. I hope it works for adults too. Especially those called Sunshine. Link

Hezbollah is differentiating from ISIS in a very clear way. They’re taking the high road and denouncing ISIS for the Barcelona attacks, saying that attacking civilians is against Islam and that true Muslims would not support such tactics. Whether this is just marketing or representative of their core beliefs, I’m happy to see the development. Link


Ideas


The Problem With Statues of People Link

The Bay Area is Separating into Red and Green Zones Link

The Enemy is Amathia Link

This is a strong piece of analysis on Russian intelligence efforts in the United States. My favorite bit was the simple observation that they’re trying to restore the Soviet Union’s influence and borders, and that in order to do that they need to erode NATO and the EU in a number of non-direct ways. That’s the entire game, and that’s what I’ve been saying since last August when all this started. Link

A great lesson on how hard it is to predict technologies, based on analysis of 20 years of hype cycles. Link

I’m secretly happy about the HBO breach. Not because I dislike HBO, or like GoT spoilers, but because I want the world to understand that hackers will come for what you value, and not necessarily what they came for before. This is something I try to explain to my customers at work: finding what matters to you is the first step of defending it.


Discovery


Rob Graham, the original author of BlackIce and the person who sold it to ISS, which was then bought by IBM, is going to rewrite the software and open source it. Link

A nice, well-documented writeup on reverse engineering a smart LED bulb system. Link

The 3 steps to becoming an AWS Security Specialist. Link

Childless seniors are being adopted by families. Link

Can you manage a company in the future using just blockchain? Link

Some defenses against RoboCallers. Link

Spiderfoot 2.11 has been released. It’s a major release with six new modules and new data sources as well. Link

Bloodhound — Uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Link


Notes


I am currently reading The Fourth Turning, a book about constantly repeating cycles in the United States that affect the population, politics, and innovation. The most interesting piece is that the book was written back in 1998, and it made predictions that have (evidently) largely come true. I think this book is likely to change how I see the flow of events in the world. I can’t wait to do the summary for this one. Link

I created some basic stats around Snort and Bro events on my site’s server. Link

I’m already using Spark as my main email client (instead of Mail on iOS and MacOS), but I am excited to try Superhuman as well. Link


Recommendations

The Fourth Turning. Go read this. Link

Sleep is so incredibly important to humans, and yet most people don’t realize that sleeping on a bad mattress could be keeping you from doing it well. If you aren’t sleeping on a premium mattress that you’ve replaced within the last 10 years, you are probably far less happy and productive than you could be. We’re about to replace ours, and it’s probably going to either be a Purple or a Tuft and Needle. If you don’t have a highly-rated mattress that you’ve replaced within the last decade, invest in your future by fixing that as soon as you can.

Seriously, don’t stare at the eclipse without serious eye protection. A man who did this in the 1960s described the effect that lasted the rest of his life. He said he could see people’s faces, but not their noses or their mouths. Basically the center of everything he looked at was blacked out. It took less than 20 seconds for this to happen to him.

“Stop assuming you have a full lifetime to do whatever you dream of doing.” Link


Aphorism


“I am not afraid of tomorrow, for I have seen yesterday and I love today.” ~ William Allen White





Thanks for listening. I’ll see you next week.
