This is episode No. 93 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…
This week’s topics: Deloitte hacked, Equifax fumbles, SEC hacked, iCloud ransom, Adobe PGP facepalm, Verizon S3 buckets, CCleaner, tech news, human news, ideas, discovery, recommendations, aphorism, and more…
Infosec news
Deloitte had its email system hacked (which looks to have possibly been Microsoft’s O365) via an administrator account that lacked 2FA. The breach was discovered in March of this year but could have been going on since late last year or possibly even longer. Link
Equifax has been sending concerned customers to a phishing site for weeks, and now we’re learning that they bought their identity protection service in August when they (but not the public) probably knew about the breach. We (and definitely I) cannot know that the truth is as bad as them strategically planning to make money off their own error, but at this point I wouldn’t be surprised. Link
Someone hacked the SEC last year, and accessed what the SEC is calling “nonpublic information”. It appears that the hack was used to make trades and earn profit. In July a report came out saying that the SEC lacked basic security controls. Luckily it’s just our economy we’re talking about. Link
Some Apple users have had their iCloud accounts hacked—likely by sharing passwords with another account that’s been compromised and published online—which resulted in the attacker locking their Macs remotely and then demanding money to unlock them. Link
Adobe posted their private PGP key on their blog. These people must have cursed the gods in a previous life or something. The whole company is like a giant Flash vulnerability. I’m loving the subscription model for their tools, though. Link
Verizon has had another data leak via—you guessed it—an unsecured Amazon S3 bucket. The content was scripts, server logs, etc. that included internal usernames and passwords. Link
The CCleaner tool has been infected with malware and has compromised at least 700,000 PCs, and Cisco’s Talos group believes that the authors attempted to get inside 18 major tech companies for the purposes of espionage. Link
ISO has rejected two NSA-designed encryption algorithms, apparently because they aren’t sure they can trust the NSA. Fair enough. Link
Swiping to enter your passwords on Android is an extremely weak protection against shoulder surfing, with 64% of attackers being able to reproduce a login after observing only one example. Link
Patching: Apache, iTerm2
Technology news
Google bought part of HTC’s smartphone team for $1.1 billion in a move that looks to be an acquihire of around 2,000 HTC employees and a long-term commitment to more seamlessly merging their hardware and software on mobile. Link
It looks like the GPS accuracy of our personal tech (and probably cars) will get upgraded in 2018 from 5 meters to 30 centimeters. And not only is it far more accurate, but it’ll work way better through buildings and other obstructions. Link
London will not renew Uber’s license in the city, citing quality concerns. Link
The Washington Post has a bot that’s posted over 850 articles in the past year. It’s mostly been factual updates, but expect this to upgrade in quality and start pushing on human talent before long. Change is coming swiftly here. Link
Human news
A massive new study of over 130,000 people across 17 countries has shown that even minor daily activity like vacuuming or walking to work (150 minutes per week) can reduce one’s chances of dying of any cause by 28%. And people who spent more than 750 minutes walking briskly reduced their chances of dying early by almost 40%. Basically, do anything active for 30 minutes a day. Link
Some economists are predicting a labor shortage due to the combination of economic growth and more and more people exiting the labor market (many of whom are getting on disability and taking opiates). I’m interested in how this prediction will intersect with my own analysis of the movement toward the gig economy, individual influencer/brands for services, and companies preferring to use contracted/temporary employees. Link
Scientists put slime mold onto a map of Tokyo and it quickly built the same train system that humans did. Link
Making projectiles out of tungsten is evidently quite effective. Link
Ideas
With Facebook and Google You Are Literally the Product Link
Gender Dysphoria Contradicts Both Conservatives and Liberals Link
Co-working (in an office) may be getting popular because it’s about team productivity, not individual productivity. So while it may be true that YOU work better remotely, that doesn’t mean the team gets more done that way. Interesting perspective. I think a balance is needed. Link
Text Size and the Quality of Content Link
Discovery
Israeli researchers exfil data from air-gapped networks using infrared camera LEDs. Link
Explore Neural Networks in your browser. Link
Counterintelligence for Cyber Defense Link
An interesting perspective on “the Notch” on the iPhone X that basically says it’s going to become the new distinctive feature of iPhones. Link
Android Oreo has a number of significant security improvements, including stronger separation of third-party and core Android components, and an improved update mechanism. Seems like a solid security update. Link
A study indicating that IQ maps pretty directly to income. I don’t have enough statistics training to quickly check his work, but the tone seemed genuinely curious and non-biased. Link
AWS Extender — A Burp plugin for testing the security of Amazon S3 buckets. Link
Git Secrets — Prevents you from committing secrets to your repository. Link
Mindweb — a full (and visual) computer science curriculum online. Link
SniffAir — A wireless sniffing system by Rob Fuller (@mubix). Link
RepoSsessed — A project of mine that scans GitHub repos for various types of vulnerabilities (currently focused around secrets). Link
Notes
Haven’t read as much in the last week or so, but I’m still finishing The Fourth Turning and Essentialism.
I’m all Apple’d up with the latest gear (except the iPhone 8 because I’m waiting for the X). I have a new Space Grey Aluminum 42mm Series 3 watch on the way (with LTE), and just installed my new AppleTV with 4K. It’s stunning.
Recommendations
What You Need to Know About Climate Change. I know some of my readers are skeptics, and I know some of you are not. Regardless of which group you fall into I urge you to listen to this podcast. I’m one of those people who’s convinced that we are causing extraordinary warming, but I’ve always hated the fact that there don’t seem to be clear explanations of how we know there’s a problem. That’s precisely what this episode addresses. Link
reddit.com/r/wholesomememes — a Reddit sub dedicated to being excellent to each other. It’s just positive stuff, and I’m telling you that you should incorporate it into your routine. It might change how you see humanity in a positive way. Link
Aphorism
“The important things are always simple. The simple things are always hard. The easy way is always mined.” ~ Murphy’s Laws of War
Thanks for listening. I’ll see you next week.
