This is episode No. 93 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 30 minute summary. The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well…
This week’s topics: Equifax fallout, BlueBorne, Microsoft RCE, iPhone X, Dumping AWS, Cassini, tech news, human news, ideas, discovery, recommendations, aphorism, and more…
Infosec news
It looks like the issue that led to the Equifax leak was an Apache Struts issue that had not been patched for a couple of months. The CIO and CSO have been encouraged to explore other opportunities. There is a lot of focus in the InfoSec community around the fact that the CSO had a music degree. As I wrote about here, I think it’s completely irrelevant. Link
Eight (8) vulnerabilities were revealed in Bluetooth, which are collectively being called BlueBorne. Some allow RCE and others are less severe. They affect nearly all versions of Android and Windows, which means billions of devices. iOS 10 is not vulnerable, which accounts for 89% of iOS devices as of September 6th, 2017. Link
Microsoft has put out patches for numerous issues, including for a serious RCE flaw in .NET. An attack using this vulnerability was found being used by the FinSpy commercial spyware product (also called WingBird). Link
Gartner says attacks against Android increased by 40% in Q2, evidently due largely to increased adoption of mobile banking. Link
Facebook has been creating audiences that match “Jew Hater” and similar extremist views, and then selling ads against those tightly optimized audiences. People wondered what evil would be possible when you have lots of great data. This is it. Link
South Park’s season premiere purposely invoked Alexa for (I’m guessing) tens of thousands of people. It’s funny this time, but there will be versions of this in the future that won’t be humorous, e.g., changing the temperature in millions of homes and overwhelming power distribution systems, making purchases, opening doors, etc. Link
With some exceptions, consumer routers continue to be a security dumpster fire. There’s a new cluster of issues in some D-Link routers, ranging from RCE to the standard fare of hardcoded credentials, weak update mechanisms, etc. It’s like we’re not even trying. Link
Patching: BlueBorne, Flash, Coldfusion, Microsoft, D-Link Routers
Technology news
Apple released its iPhone X (ten, not ex) last Tuesday. I’m a complete Apple acolyte but can’t help but notice that all the main features (edge-to-edge display, wireless charging, and facial authentication) have already been out for months or years from other vendors. What I find so interesting about this is that it’s still likely to dominate because it’s so good at execution. As I wrote about here in 2007, Apple’s magic is in implementation rather than feature count. I expect the iPhone X to be the same with face authentication especially—with the effect being that it will seem Apple invented it even though they didn’t. Sometimes it’s about being first, but more often it’s about being the first to do it well. Link
HP has unveiled an unholy Z8 workstation of doom, with up to 28 cores and 3TB of memory. Link
Dropbox moved off of AWS, and I think we’re likely to see a lot more companies doing the same. It’s a pendulum swing issue. We went heavy to the Cloud side, and now it’s correcting a bit. I have a number of customers who are pulling back in simply due to cost. I’m not convinced they’ll see it the same way after they fully spin up the new stuff internally, but maybe they will. It depends on a lot of things, including the business you’re doing, the quality of your team, how efficient you are, etc. But we should expect these swings to keep happening until things stabilize technology-wise. Which right now is effectively never. Link
Starbucks will update its wireless chargers remotely so that they will support the iPhone 8 and X soon. Link
Human news
The Cassini spacecraft fell into Saturn on Friday morning, ending a flawless 20-year mission in space. This is a planet millions of miles from us, and they predicted the exact moment they’d lose radio contact down to a few minutes. Unbelievable. Link
A new study has given support to the Extreme Male Brain Theory of autism, which says that autistic boys and girls are basically exhibiting extreme versions of male traits, e.g., systematic vs. empathic thinking. They tested many boys and girls and found that autistic children of both genders had “hypermasculinized” faces, which is consistent with the theory. Link
A large new study of 7,985 adults over 45 years old showed a significantly higher chance of death among those who were sedentary. The recommendation was to break up sedentary periods with periods of activity. Sounds obvious when you say it like that. Link
When Seattle raised the minimum wage it made restaurants find ways to pass costs onto customers. One of the ways they evidently cut corners is by reducing their attention to hygiene. Link
A Stanford study has found that 99% of microbes in our blood have never been seen before or classified. Link
Facial recognition is about to go mainstream in the U.S. because of the iPhone X, but China has been doing it for years. They use it for things like discouraging jaywalkers and people who take too much toilet paper. Yeah… Link
Price changes in US consumer goods and services from 1997 to 2017. Spoiler: college and education way up, child care and healthcare up significantly, housing food and transportation up some, and software and tech gadgets way down. Quite a good visualization. Link
Daniel Kahneman, author of Thinking Fast and Slow, has been called out in a blog post on his use of a number of studies on Social Priming in his book that evidently have an extremely low reproducibility index. Social Priming is the theory that subtle cues can significantly and subconsciously influence human behavior. Shockingly, Kahneman showed up in the blog that raised the issue and basically said, “Yep, my bad. I should have known better.” Link
Ideas
A Rudimentary Threat Model for Password vs. TouchID vs. FaceID — how to determine your most important threat scenarios and then determine which authentication controls are best for you. Link
How to Tell If You Should Hire an InfoSec Person With a Music Degree — why it’s ridiculous to filter people based on formal education in InfoSec. Link
What if Attackers Pivot from Ransom to Extortion? — exploration of a potentially nasty switch in strategy that attackers could make against vulnerable companies. Link
The Most Important Skill You Can Cultivate — an essay by Andres Karinkovic about developing resilience as a life strategy. Link
Discovery
Godel, Escher, Bach: A Mental Space Odyssey, presented by MIT. Link
A story from 1999 where Palestinians refused to adopt “Zionist” Daylight Savings Time, which caused confusion about what time it was. As a result, two bombs went off an hour early during transport and killed three of the attackers. Link
These bacteria hide in tumors and consume chemotherapy drugs. Link
The front-facing camera on the iPhone X is basically a Microsoft Kinect. Link
I’ve not read it yet, but this Broken Earth book trilogy looks fantastic. Hugo winner two years in a row, and the third one just came out. Bumping to the top of my list. Link
Writing Prompts — A Reddit sub that gives you super interesting prompts for a short story (or even a novel). Reading these makes you realize how bad today’s mainstream movies are. If someone built movies around these ideas rather than what we normally see, we’d have some fantastic stuff. Same goes for Anime, actually. The stories in Anime are so much more creative than those in mainstream western movies. Link
The most male and female occupations, since 1950. Link
The Reason Today’s Kids Are Bored at School, Feel Entitled, Have Little Patience, and Few Real Friends — I normally dislike these types of articles, but this one seems extremely on point. Link
50 new features in the iPhone X, in case you’re wondering whether to get it or the iPhone 8. Link
Hack — a typeface designed for source code. Link
Whitelisting Cloudflare Using IPTABLES. Link
Deprecated Linux networking commands and their replacements. Link
What’s new in IDA 7.0. Link
Testing for SSRF. Link
Notes
I’ve changed the settings on my newsletter signup form on the website. I’ve had numerous people tell me that it’s annoying, and I’ve asked the people who make the code to be better at detecting if someone is already a subscriber. I’ve basically set it to not annoy someone for an entire year once they do anything with it, and I’ve also set it to only pop up when you leave the site rather than after a certain amount of time. Sorry for the annoyance; I’m trying to fix it.
I don’t see myself getting another iPad anytime soon, and this is especially true since they’re making me buy a giant phone (the iPhone X doesn’t come in the small or medium size). I love the iPad for drawing, but I don’t think I do it enough to justify the purchase. And the other use case of reading is not compelling (or convenient) enough when the iPhone X’s screen is now so large. It’ll feel good to dump the iPad and only have the iPhone and Watch.
I experienced the strongest sense of anthropomorphism in a long time with the death of the Cassini probe (see?). I honestly felt so proud for it, and so sad that it just did its job perfectly and then became a beautiful meteor and then nothing. It moved me, even after I saw it for what it was. We’re strange things, humans.
I’m working on a creative project that will start as a role-playing game but might eventually make it into computer form. It’s mostly a modern/tech-based game but quickly branches into other genres. The primary goal is to build a story arc that’s designed rather than improvised using elements that I’ve enjoyed from many other mediums. Supremely challenging. If any of you are writer / designer types and want to hear more, let me know.
I have a friend who is, for various reasons, desperate to get an MRI done in Seattle, and is wondering about the best way to go about it. He’s tried going through normal channels and has been told he doesn’t need one by a couple of different doctors. So the question is: if your life depended on getting an MRI, but regular doctors wouldn’t listen to you, what are the options? If anyone is in the medical field in or around Seattle and has a way to make this happen, or even just some ideas, I’d be infinitely grateful.
Recommendations
This is Water is a must-see 9-minute video. It’s one of the few things that’s changed my philosophical mental model over the last several years, and I hope it does the same for you. Watch it. Share it. Link
Godel, Escher, Bach: A Mental Space Odyssey, presented by MIT. Link
How to perform a good programming interview. Link
The Flowing Data website. Link
Aphorism
“Action is the foundational key to all success.” ~ Pablo Picasso
Thanks for listening. I’ll see you next week.
