The Unsupervised

by Daniel Miessler
The newsletter companion to my Unsupervised Learning podcast–my weekly collection of handpicked articles in InfoSec and Technology, and why they matter.


A major new Android vulnerability, similar to Stagefright, allows remote code execution on millions of Android devices. It's another vulnerability in the input validation mechanism across the OS. There is an update for a small subset of devices. If you use Android, I recommend getting a Nexus phone so you can stay as up-to-date as possible. Link

Congressional report slams OPM management on breach. Says they should have had basic security measures in place, including two-factor authentication. They were tracking one breach and failed to notice that another one was happening at the same time. Background reports and fingerprint data stolen. Link 

Google upgrades Android security with Nougat release. Adds a re-architected media server, which is what's used to process untrusted input. That's major. Also added verified boot, SELinux upgrades, Kernel Hardening, and improvements to whole-file signatures. More features described in the link. Link

Google removes SheshApp, which was used by Pakistan's ISI to spy on the Indian military, from the Google Play store. The ISI created the app, which was popular with the Indian military, and once installed it uploaded tons of data to a German server where it was then collected. Link

Sophisticated OS X backdoor discovered that joins its Windows and Linux counterparts. Malware is able to capture screenshots, audio/video, documents, keystrokes, etc. Link

Google Chrome will soon indicate when a form field is being sent insecurely. It will show a Not Secure designation right next to the field, so you know to be cautious when entering data. Link

WordPress users on versions below 4.6.1 should upgrade to avoid newly discovered XSS and path traversal vulnerabilities. Link

Hong Kong company releases USB Kill device. Launches a surge against the system it's put into, often destroying it. Link

Intel Security breaks off and becomes McAfee again. Imagine how much they spent doing the opposite. A great number of people are likely very upset about this. But name evidently matters, even if it's not a great name. Link

HPE spins off most of its software business, but Meg Whitman says they are NOT getting out of the software business. Will be interesting to see what happens to their security software, such as ArcSight and Fortify, in a competitive market. Link

Apple debuts wireless AirPods with 5 hours of music playback and advanced sensing technologies that know when you're listening and when you're not. Automatically switch between iPhone and Apple Watch. I feel like they're getting us closer to what earpieces will become. Link 


Currently reading Kill Decision, by Daniel Suarez. The book is terrifying. It's a look at the prospect of anonymous, automated drones being used to kill people. Highly recommended. Link

What's needed for activists is not a method for private communications, or a method to broadcast ideas. We have plenty of both. What we need is a method for quality messages to get out, while the disinformation and junk is squelched. Link

Subscription Retail. The concepts of subscriptions and curation combined into new services. Hello Fresh, Graze, etc., for food, but the idea is coming to all types of retail experiences. Fascinating stuff. Many people know there is great variety out there, and will pay to have others discover it for them. Link


The a16z Podcast. An absolutely fantastic podcast about technology trends. Cannot recommend it enough. Link

TED Radio Hour Podcast on Big Data. Phenomenal show. Gives so much good background and solid examples of how big data and ML will change things going forward. Link

You Suck at Excel, by Joel Spolsky. If you ever use Excel, which is most everybody, you need to watch this presentation. Link

Notes from You Suck at Excel. This is a written capture of the tips learned in Joel's presentation. Link

Information Security Definitions. A collection of my attempts to clean up a number of misunderstandings around terms in InfoSec. Link

OhShitGit. How to get out of common bad situations when using Git. Link

How to Install Suricata IDS On Any Linux Box in 5 Minutes Link


"Dream as if you'll live forever. Live as if you'll die tomorrow." ~ James Dean

Copyright © 2016, All rights reserved.