Unsupervised Learning

Every week I consume ~20 hours of content about security, technology, and life, and then curate what I learned into a digestible summary.

Security News


There's a new IoT botnet called VPNFilter that's affected more than 500,000 Netgear, TP-Link, Linksys, MikroTik, and QNAP devices. It's hitting Ukraine really hard, is presumed to be Russian, and has multiple capabilities, including spying on the infected network, serving as an elaborate proxy network for attacker anonymity, and also bricking the device at will. The List of Affected Devices | The FBI Says to Reboot Your SOHO Routers

Someone's Amazon Echo recorded a private conversation and then sent it to someone in their contact list. They got Amazon involved and the official answer is that the device heard the wake word, heard a command to capture the conversation, and then heard a command to send it to the recipient. In other words, it was a very unlikely and random occurrence. A friend of a friend equated this to butt dialing, which seems apt. They also tend to be funny and seldom catastrophic, but there are exceptions. I personally think smart speaker security is fairly low on the list of concerns people should have with their technology. I talk about it here in this essay and also in a Twitter thread related to it. TL;DR: If someone wants to hack you, it's not likely to happen through a smart speaker—it'll be through your email, laptop, and/or phone. Link | Analysis

Ghostery is one of the many companies that completely botched their GDPR charisma roll by improperly using the email BCC field. They sent out a privacy update to everyone but put all the emails in the TO field so everyone could see each other. Link

GDPR could significantly affect how much information is available via WHOIS, which could massively affect security researchers and many other people and companies in the industry. Link

PornHub has launched its own VPN client for iOS, Android, Windows, and macOS. Link

Amazon is entering the surveillance market with facial recognition software called Amazon Rekognition, and is working with a number of law enforcement departments. The software parses real-time video data and compares people to known persons in a database. Amazon described Orlando as a launch partner at an AWS conference last month in Seoul. Link

The head of IBM Research says to protect your data with quantum-resistant encryption algorithms (like Lattice Field) sooner rather than later, because within 10 years or so most common encryption will be useless. Link

Google is about to remove the secure label on HTTPS sites in September, replacing that with a red "Not Secure" label when you go to a pure HTTP site. Link

Advisories: The FBI Says to Reboot Your SOHO Routers | Schneider Electric

Attacks: ABN AMRO / Rabobank DDoS

Misconfigurations: SingTel Admin Port Redirect

Leaks: T-Mobile Exposes 74 Million Accounts


Technology News


Microsoft is creating a system to detect bias in AI algorithms. Link

A report says Google shipped more Google Home and Google Mini speakers than Alexa did Echo devices last quarter. Hard to believe for me, since I don't know anyone who's buying Google devices. But that's why anecdote and data are not the same. Personally, I would not put a Google device in my home, nor a Facebook device. Apple and Amazon are different for me because they don't make most of their money by selling my data. Link

It looks like Apple may release some cool new NFC features that let you use your phone as your key or access card, like for hotel rooms, to get into your car, etc. I've wanted this forever. If I have to carry my phone anyway, I want as much of that auth functionality on it as possible. Keys are cumbersome. Keys get lost. And keys don't have really any security in them (other than usually being 100% local). Phone and watch please—no more keys. No more key cards. Let's hurry up with the future. Link

The New York Times is using an AI tool called Perspective to manage the discussions on their site. The tool looks for abusive language, harassment, and other things that they don't want in the conversation. Link


Human News


Role-playing games like Dungeons & Dragons are making a major comeback in popularity. I have a simple explanation. In the past, role-playing was popular with a small subset of people because they were the people who didn't much like their regular lives, and they wanted something better. Well, now, there are millions of adults (and also kids) who fall into that same category. In short, life is just worse in terms of providing a solid foundation of meaning, so more people are looking for it elsewhere. Link | A Caution for Avid Gamers

4 out of 10 Americans (around 51 million people) could not cover a $400 emergency expense without selling something or borrowing money. Link

Air pollution in Chinese cities fell by an average of 30% between the years of 2013 and 2016. Link

A Malian immigrant in France has just been granted citizenship for scaling up a building almost instantly (and with no equipment) and saving a kid who was hanging from a ledge. Link

Japan's bestselling book right now is a self-help title called The Courage to Be Disliked, which teaches people how to ignore external criticism and embrace their own path to happiness. Very Japanese, but I think the Koreans could use a similar lesson. Link

This woman can smell Parkinson's disease. She's so good at it that when she was tested against 6 people who had it and 6 people who didn't, she got 11 out of 12 correct. But she insisted that she was right about the 12th as well, who was in the control group and didn't have it. Then 8 months later he was diagnosed with it as well. Link

U.S. satisfaction with how things are going is at the highest level (37%) since 2005. Link

McKinsey has released a report detailing what you should do to get ready for an automation and AI-based economy. Link


Ideas, Trends, & Analysis


I'm Not (Overly) Concerned About Smart Speaker Security, and You Shouldn't Be Either — My essay on why people are overreacting to smart speaker security concerns. Link

Resilience is the New Happiness. Link

Economic Inequality is the Norm, Not the Exception — My essay on why we should not be expecting to see the classes converge anytime soon. Link

Forget Solving the Cybersecurity Skills Shortage — An essay by Nick Hutton on why people alone can't save us from our problems in infosec. Link


Discovery


🔥 This guy built a completely silent computer. I'm totally making one of these (or having one made) when I live somewhere with some space. Link

113 Mental Models Explained Link

Google's style guide for writing shell programs. Link

The GDPR Hall of Shame — Yeah, just what you'd think it is. Link

How to Generate a Free Wildcard SSL Certificate With Let's Encrypt for Your Domain on Ubuntu Link

These are all the books Bill Gates has recommended over the last 8 years. Link

DejaVu — An open source deception framework. Link


Notes


I just installed Ableton Lite 10, which is software for creating EDM music, and took a two-hour class with a guy in Oakland. I have so many ideas, but I worry that I don't know enough about music to make them happen. I'm going to try, though. I learned for the first time what notes, keys, octaves, chords, and other music theory basics were the night before the class. For me it's all about the (Talebian) barbell: start with theory, then go full immersion.

Want to see the coolest thing ever? This is my htop output from a Linux box I have. Link


Recommendations


I don't have kids, but I want everyone who does to read this. It's about Forgotten Child Syndrome, where a slight variation in a daily routine can lead a parent to think that their child is safe at home, with the other parent, or in daycare, when they're actually still in the car. Link

This is a visualization of how many years, weeks, and days people get to live. You should look at it periodically to prod yourself with the most important of questions: What have I done today? Link

This is the 90-second mindfulness exercise that Satya Nadella does every day. I have had trouble doing morning meditation (or any really), but I can do 90 seconds I think. Link


Aphorism


“If there’s someone you care about but haven’t spoken to in a while for whatever reasons, now would be a good time to reach out to them and let them know you’ve updated your privacy policy”.

~ Avi Flombaum
 

Stay informed for $5/month…
 

I spend around 20 hours on the show every week, and if you get value from it, please consider becoming a supporting member for just $5/month (or $50/year).

Members get the newsletter every week and can submit AMA questions, while free subscribers get the newsletter just twice a month.

 


Thank you,



Copyright © 2018 Daniel Miessler, all rights reserved.
