Subscribe here to get this in your inbox every week.

Security News


The DHS is launching a new group to protect critical infrastructure. Link

Cisco is buying Duo Security for $2.35 billion. Link

Reddit had a security incident related to SMS 2FA, and their write-up on it is quite solid. I can actually gain trust in a company if they do an incident report well, and I think they’ve done that here. Link

It’s possible to identify individual Twitter users using only metadata. Link

BurpSuite has a new crawler, which allows for automatic session management. As a web app tester, this is fantastic news. Link

A number of sources are reporting that spam is increasing, and one often-mentioned reason is the decline of Adobe exploits. It’s an interesting lesson that economics is about changes and externalities. 

CompTIA now has a new penetration testing certification, called PenTest+. Link

Marina Butina—the Russian spy working in the U.S.—evidently blew her cover by getting drunk and bragging. This is very common for  Link 

Venezuela’s President has survived a drone strike assassination attempt. Link

North Korea is building more nuclear missiles. Link

Russia sold 84% of its U.S. debt between March and May of 2018. Russia said they just wanted to get more into gold, but given the information warfare campaigns they’ve been running against us, I can’t help but jump right to a pre-attack shorting move. No hard data to back that up—just a feeling. Link


Technology News


Draw This is an instant camera that creates cartoons using machine learning. Link

T2F is text-to-face generation using deep learning. You describe a person and it gives you an image. Link

Full genome sequencing is down to around $500 now, at least for this company. I’ll probably give it some time and see how the reviews are before I try it. But I’ll do it soon. Link

40% of VCs went to Harvard or Stanford. Link

BookTubers are YouTube influencers focused on books and reading. Link


Human News


Captain Picard is back in a new Star Trek series! Picard is the epitome of a true leader in my mind, and what I learned from that character continues to inform me even now. I bet he’s going to teach us this time (among other things) about the value of truth and facts in a world full of misinformation. Just a guess. Link

A Stanford study has linked depression to the lack of an over-the-counter supplement called Acetyl-L-Carnitine. Link

There’s a new, elegantly simple card game called The Mind that is attracting a cult-like following. Link

Even mild dehydration can impair cognitive performance and mood. Link

Bacteria are starting to adapt to the alcohol in hand sanitizer. Link

A study by Bank of the West found that almost 70% of millennials regret buying their homes. Link

Japan is urging workers to take Monday morning off to combat overwork. Link

The FDA may soon approve MDMA for treatment of PTSD. Link

France has banned smartphones from classrooms. Link

Young workers aren’t interested in construction jobs. Link

Parents are hiring Fortnite tutors for their kids. Link


Ideas, Trends, & Analysis


Many believe that blogs are less popular (and less read) now because of the shuttering of Google Reader, and the subsequent consolidation of content consumption on platforms like Twitter, Facebook, Reddit, and Medium. Link

I’m reading the Superforecasting book, and the high-level summary of what makes a top-tier predictor is someone who is dedicated to self-improvement. This makes sense to me because it’s consistent with someone who doesn’t cling to the past—including past opinions. When the information changes, your opinion changes with it. Link


Discovery


BurpSuite has a new crawler. Link

Burp’s new crawler has automated session handling. Link

Burp’s new crawler can handle changes in application state. Link

Leonardo Da Vinci’s to-do list from 1490. Link


Notes


I’ll be in Vegas this week for BlackHat / DEFCON, and you should come by the IOAsis to help us celebrate 20 years. We’re at the House of Blues on Wednesday the 8th, and we’ll have a ton of security talks, plenty of hydration and caffeine, as well as massages! And new for this year, we’ll have the EA Experience Gaming Zone, where you can play some of the newest EA games.

I’ll also be available around BH/DC to chat about my Attack Surface Monitoring service HELIOS. TL;DR: it monitors your external attack surface—both on-prem and cloud—and tells you almost instantly when something dangerous gets exposed. So if someone makes a mistake and accidentally puts a database on the internet, leaves a web admin interface out there, exposes data via S3 buckets—and dozens of other types of exposures—you’ll know immediately via API push, Splunk, Slack, etc. Reach out to me here if you want to arrange a chat.

Books I’ve read recently: Subscribed, The Accidental Universe, Venture Deals, Origin Story, The Order of Time, Factfulness. And I’m currently reading Superforecasting.

And thank you so much to those of you who sent in fiction ideas. I received almost a hundred responses on that, and they were fantastic. I now have a solid queue of fiction titles as well! The first two are going to be The Way of Kings and The Blade Itself.


Recommendations


Consider running ssh-keygen -p -o -f $PRIVATEKEY on each of your SSH private keys to fix a weakness in how older OpenSSH key files are stored. The legacy PEM container (the one that starts with "-----BEGIN RSA PRIVATE KEY-----") derives the file's encryption key from your passphrase with a single round of MD5, so anyone who steals the file can brute-force the passphrase very cheaply. The -o flag rewrites the key into the newer OpenSSH format, which protects it with the bcrypt KDF; adding -a 100 raises the number of bcrypt rounds, and you can re-enter your existing passphrase when prompted. The option has existed since OpenSSH 6.5, Ed25519 keys already use the new format, and OpenSSH 7.8 and later write it by default for new keys. Link
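As an added example (not from the newsletter and not OpenSSH's own code), here is a small Python checker that tells you which of your keys still need this treatment. It distinguishes the legacy PEM container (encryption key is a single MD5 hash of the passphrase) from the openssh-key-v1 container, and for the latter reads the cipher and KDF names from the file header, so an unencrypted or non-bcrypt key is flagged as well. The sample key texts at the bottom are constructed for this example and contain no real key material; the rekey helper just invokes the command above with an explicit -a round count and assumes ssh-keygen is on PATH.

```python
"""Classify OpenSSH private key files by container format and KDF (added example)."""
import base64
import re
import shutil
import struct
import subprocess
from pathlib import Path

LEGACY_BEGIN = re.compile(r"-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----")
NEW_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
NEW_END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"  # fixed header of the new container


def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes) at offset."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def classify_key(text):
    """Return (container, cipher, kdf) for a private key file's text.

    kdf is "md5" for an encrypted legacy PEM key (OpenSSL's EVP_BytesToKey
    derivation), "none" for an unencrypted key, else the file's kdfname field.
    """
    if LEGACY_BEGIN.search(text):
        if "Proc-Type: 4,ENCRYPTED" in text:
            m = re.search(r"DEK-Info: ([A-Za-z0-9-]+)", text)
            return ("legacy-pem", m.group(1) if m else "unknown", "md5")
        return ("legacy-pem", "none", "none")
    if NEW_BEGIN in text and NEW_END in text:
        body = text.split(NEW_BEGIN, 1)[1].split(NEW_END, 1)[0]
        raw = base64.b64decode("".join(body.split()))
        if not raw.startswith(MAGIC):
            return ("unknown", "?", "?")
        off = len(MAGIC)
        cipher, off = _read_string(raw, off)  # ciphername, e.g. aes256-ctr
        kdf, off = _read_string(raw, off)     # kdfname: "bcrypt" or "none"
        return ("openssh-v1", cipher.decode(), kdf.decode())
    return ("unknown", "?", "?")


def needs_rekey(text):
    """True if the key should be rewritten with ssh-keygen -p -o.

    Every legacy PEM key qualifies (unencrypted or MD5-derived key); an
    openssh-v1 key qualifies only when it is not bcrypt-protected.
    """
    container, _cipher, kdf = classify_key(text)
    if container == "legacy-pem":
        return True
    return container == "openssh-v1" and kdf != "bcrypt"


def rekey_in_place(path, rounds=100):
    """Run the newsletter's command with an explicit bcrypt round count.

    ssh-keygen prompts for the old and new passphrase (the same one may be
    re-entered); -o forces the new container and -a sets the KDF rounds.
    """
    if shutil.which("ssh-keygen") is None:
        raise RuntimeError("ssh-keygen not found on PATH")
    subprocess.run(["ssh-keygen", "-p", "-o", "-a", str(rounds), "-f", str(path)],
                   check=True)


def _openssh_v1_header_only(cipher, kdf):
    """Constructed openssh-key-v1 blob holding only the header fields.

    Real files continue with kdfoptions, the public key and the private
    section; classify_key() reads only the header, so they are omitted here.
    """
    def s(b):
        return struct.pack(">I", len(b)) + b
    raw = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    return f"{NEW_BEGIN}\n{base64.b64encode(raw).decode()}\n{NEW_END}\n"


# Constructed samples: headers only, no real key material.
SAMPLE_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF\n"
    "\n"
    "AAAA(constructed placeholder body)\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_NEW_BCRYPT = _openssh_v1_header_only(b"aes256-ctr", b"bcrypt")
SAMPLE_NEW_PLAINTEXT = _openssh_v1_header_only(b"none", b"none")

if __name__ == "__main__":
    # Walk the usual key locations and report which files still need rekeying.
    for key in sorted(Path.home().glob(".ssh/id_*")):
        if key.suffix == ".pub":
            continue
        text = key.read_text()
        print(key, classify_key(text), "REKEY" if needs_rekey(text) else "ok")
```

Run it as a script to see a per-file verdict for ~/.ssh, then call rekey_in_place() (or the command above) on anything marked REKEY; the header parse is what makes the check reliable, since a file that already starts with "BEGIN OPENSSH PRIVATE KEY" can still be stored with kdfname "none".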
 

Aphorism


“There are two kinds of fools: those who suspect nothing, and those who suspect everything”.

~ Charles Josef de Ligne
