This is episode No. 96 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…
This week’s topics: Russians vs. NSA, ArcSight vs. Russia, DISQUS breach, TrendMicro vulnerability, Stamos, tech news, human news, ideas, discovery, recommendations, aphorism, and more…
Read below for this episode’s show notes & newsletter, and get previous editions…
Information Security news
Russia has evidently hacked an NSA contractor through his home computer, which was running Kaspersky antivirus software. The contractor apparently brought extremely sensitive data home and put it on that system, and the Russians were able to reach it through some sort of backdoor in the Russian AV software. A lot of people were unimpressed when the government recently warned against using Kaspersky software, but now we might be seeing why. It’s important to note that it doesn’t matter whether Kaspersky was compromised or complicit: as a Russian company, it could simply be compelled by its government to install a backdoor and keep quiet about it. Link
DISQUS has had some sort of breach, and emails and password hashes have been released. The data is in haveibeenpwned, and there’s a writeup on the blog. Same routine: change your password there, and anywhere else you reused it. By now, though, none of your passwords should be reused at all. Link
A vulnerable piece of code shared across many TrendMicro products allows RCE on all of them. This is the risk of shared components: if a component is vulnerable in one place, it’s potentially vulnerable everywhere you use it. Link
The Yahoo breach from last year actually affected all 3 billion accounts. Link
Brian Krebs has uncovered how to find someone’s salary history using only their SSN and date of birth, both of which leaked for millions of Americans in the Equifax breach. Link
Alex Stamos continues to be a beacon of rational ethics within the infosec community, and he’s now evidently hunting down Russian influence across his entire platform. Having him in charge of security at Facebook makes me feel infinitely better about the service in general. Link
HPE evidently let Russia have access to the source code for ArcSight, so they could do a “security review”. I’m guessing that was approved long before all this Facebook and Kaspersky stuff happened, and they now regret it. Link
Google is releasing a separate security bulletin going forward just for Pixel/Nexus devices. Link
Patching: WordPress, Android, Dnsmasq
Technology news
Google has released updated Pixel devices, an updated Google Home device, and Pixel Buds, a competitor to AirPods that can do realtime translation between multiple languages. Link
Netflix is raising the cost of two of its plans—the Premium plan that gives you 4K and four streams is moving from $11.99 to $13.99, and the mid-tier plan is going from $9.99 to $10.99. Link
DJI has launched a privacy mode for its drones so that they can be used in sensitive environments. The setting will stop drones from sending or receiving any data over the internet while in that mode. Link
Human news
It appears that livestock is an even bigger contributor to climate change than previously thought. New NASA-sponsored studies show that rising methane emissions from livestock could be a major share of the greenhouse gases trapping heat. So it’s man-made in the sense that we keep raising more livestock to feed our meat habit, but nature-made in the sense that the methane comes from an animal. It’s an interesting development in the discussion for sure. Link
Teenagers are chronically sleep-deprived, and early school start times are a major factor. Link
Exercise has been confirmed (once again) as the be-all and end-all solution for both mental and physical health. This article describes new recommendations on exercise duration and type for different age groups. Link
In 2017 we haven’t gone more than 5 days without a mass shooting. Link
Ideas
The Reason Business Doesn’t Take InfoSec Seriously Link
The Difference Between Violence and Terrorism Link
Stop Calling It Identity Theft Link
I realized the other day that I’d be ok with putting an Apple or Amazon assistant device in my home (like Alexa or a HomePod), but not similar devices from Google or Facebook. The reason for this is simple: with Apple and Amazon, they want to make your life better and sell you products. With Google and Facebook they want to extract more and more information from you, because your information IS THE PRODUCT. That difference is why I could not, at this time, put one of their devices in my home. Link
Expect in-person identity validation services to become a lot more popular. When everyone’s data is compromised, I think it will become common for major transactions to require an actual notary to validate your identity. So expect more people to become notaries, and expect notary fraud to follow.
Discovery
Remarkable visualizations of how Americans are divided by issue vs. by vote. Link
The Origin and History of UNIX Link
A visualization of the commonality of your birthday. Looks like the big birthdays are from conception dates in the holidays. Link
Entropy explained using sheep. Link
The Cognitive Bias Codex Link
Hackernewsbooks — A clean display of books mentioned on Hacker News. Link
Awesome AI Security — A project dedicated to adversarial examples against AI. Link
pcap2curl — read a packet capture, extract the URLs, and replay them using curl. Link
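As an added example of the idea behind pcap2curl (this is not the project’s own code), here is a minimal Python version: parse a classic little-endian libpcap file containing Ethernet/IPv4/TCP frames, find the HTTP request in each TCP payload, and print the equivalent curl command line. The capture it runs on is constructed inline with made-up addresses, hostnames and requests so the script works offline; a response segment and an empty ACK are included to show that they are skipped.

```python
"""pcap -> curl: added example, not pcap2curl's code. Classic pcap + Ethernet/IPv4/TCP only."""
import shlex
import struct
from typing import Iterator, List, Optional, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"
IPPROTO_TCP = 6


def iter_frames(pcap: bytes) -> Iterator[bytes]:
    """Yield each captured frame from a classic (non-pcapng) little-endian pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("expected a little-endian classic pcap file")
    linktype, = struct.unpack_from("<I", pcap, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24  # end of the 24-byte global header
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tcp_payload(frame: bytes) -> Optional[Tuple[str, int, bytes]]:
    """Return (dst_ip, dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[23] != IPPROTO_TCP:          # protocol is byte 9 of the IP header
        return None
    dst_ip = ".".join(str(b) for b in frame[30:34])
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 20:
        return None
    dst_port = struct.unpack_from("!H", frame, tcp_off + 2)[0]
    data_off = (frame[tcp_off + 12] >> 4) * 4   # TCP header length incl. options
    return dst_ip, dst_port, frame[tcp_off + data_off:]


def request_to_curl(dst_ip: str, dst_port: int, payload: bytes) -> Optional[str]:
    """Turn one HTTP request segment into a curl command, or None if it is not a request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    # Request line is "METHOD target HTTP/x.y"; a response starts with HTTP/ instead.
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    method, target = (p.decode("ascii", "replace") for p in parts[:2])
    headers: List[Tuple[str, str]] = []
    host = None
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            continue
        name_s = name.strip().decode("ascii", "replace")
        value_s = value.strip().decode("ascii", "replace")
        if name_s.lower() == "host":
            host = value_s            # goes into the URL rather than a -H flag
        elif name_s.lower() != "content-length":   # curl recomputes Content-Length
            headers.append((name_s, value_s))
    host = host or dst_ip
    if ":" not in host and dst_port != 80:
        host = f"{host}:{dst_port}"
    cmd = ["curl", "-sS", "-X", method]
    for name_s, value_s in headers:
        cmd += ["-H", f"{name_s}: {value_s}"]
    if body:
        cmd += ["--data-binary", body.decode("latin-1")]
    cmd.append(f"http://{host}{target}")
    return " ".join(shlex.quote(c) for c in cmd)


def pcap_to_curl(pcap: bytes) -> List[str]:
    """Every single-segment HTTP request in the capture, as a curl command line."""
    out = []
    for frame in iter_frames(pcap):
        parsed = tcp_payload(frame)
        if parsed and parsed[2]:
            cmd = request_to_curl(*parsed)
            if cmd:
                out.append(cmd)
    return out


# Constructed sample capture (made-up addresses and requests) so this runs offline.
def _frame(dst_ip: str, dst_port: int, payload: bytes) -> bytes:
    eth = b"\xaa" * 6 + b"\xbb" * 6 + ETHERTYPE_IPV4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 5]), bytes(int(x) for x in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def _pcap(frames: List[bytes]) -> bytes:
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


SAMPLE_PCAP = _pcap([
    _frame("192.0.2.10", 80, b"GET /search?q=pcap HTTP/1.1\r\nHost: www.example.test\r\n"
                             b"User-Agent: demo\r\n\r\n"),
    _frame("10.0.0.9", 8080, b"POST /api/login HTTP/1.1\r\nHost: 10.0.0.9:8080\r\n"
                             b"Content-Type: application/x-www-form-urlencoded\r\n"
                             b"Content-Length: 21\r\n\r\nuser=bob&pass=hunter2"),
    _frame("10.0.0.5", 40000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),  # response: skipped
    _frame("192.0.2.10", 80, b""),                                                 # bare ACK: skipped
])

if __name__ == "__main__":
    for line in pcap_to_curl(SAMPLE_PCAP):
        print(line)
```

The script only prints the commands; piping its output to sh is the replay step, and you should read the list first, since it will happily re-send logins and form posts at whatever host was in the capture. It also does no TCP reassembly, so a request split across segments, anything in a pcapng file, and anything inside TLS will not show up.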
Notes
Thanks so much for the feedback on the length of the show. I got almost equal feedback saying it should be longer or shorter. The open and click metrics were a bit higher for the shorter show, which tells me that the format was more consumable for people. I wonder if the newsletter should be shorter, but the podcast should be longer, as one main piece of feedback I get is enjoying when I give more opinion and personality on the podcast. So perhaps I could take one or two of the concepts from the ideas section and go into more detail there for the podcast, but still keep the newsletter nice and trim.
Recommendations
If you run Kaspersky software anywhere, consider replacing it with something else.
Aphorism
“If you try, you risk failure. If you don’t, you ensure it.” ~ Anonymous
Thanks for listening. I’ll see you next week.
