Someone hacked a stolen credit card store called BriansClub, which resulted in the loss of stolen credit cards. It's very meta. It ended up being around 26 million credit and debit card numbers. Around 8 million of them were uploaded from 2019, but the collection goes back around 4 years. More

Autoclerk (a reservation management system owned by Best Western) left an ElasticSearch database online with no security on it, which resulted in the exposure of 179GB of customer, government, and military records, including DHS. Some of those groups were using the compromised system to make travel plans. More

FireEye says Chinese APT41 hacked the company that creates TeamViewer, and that this could have given them access to any system that has it installed. More

NSA and GCHQ say Russians penetrated an Iranian hacking group and used their TTPs to hack into other targets. This kind of complexity is why attribution is a tricky thing. More

There's a rash of jackpotting attacks taking place across Europe and the US, which is where someone gets physical access to the inside of an ATM and installs malware on it that makes it spit out its money. Pretty cool, but yeah, physical access is needed. Turns out you can make a lot of stuff happen if you have physical access to a very old computer (which most ATMs are). More

The Pixel 4's face unlock technology works even if your eyes are closed, which is bad because you could be asleep—or worse—dead. But I'm super into the device's new Astronomy mode. More

France is going to try to roll out a national ID system backed by facial recognition. Weren't they (along with Iceland) the unelected privacy champion until recently? What happened to change that? The bombings a few years ago? They could be facing serious opposition in Europe, however, since the EU is generally quite privacy-focused. More

Samsung has an issue with its fingerprint readers taking any fingerprint instead of only the authorized users', but they say it's a problem with screen protectors, and they're rolling out a patch that's supposed to address it. More

Universities might have to start thinking more about OPSEC and OSINT given the state of mental health. Traditionally they've been very open with information about professors, including where they live and work, and that could be a problem if they start becoming targets. More

Microsoft is warning people not to install the latest Windows 10 update because it may bork Microsoft Defender ATP. More

The US is no longer going to use 8-inch floppy disks to operate its nuclear weapon systems. That's the story and the joke, all in one. More

Advisories: NordVPN, Sudo on Linux, Linux WiFi bug, Pulse Secure VPN, Adobe, BIND, Oracle, Cisco

Jobs: Reddit's Q4 2019 Hiring Thread


An Outback in Oregon is implementing surveillance combined with AI to provide efficiency metrics on wait staff and how they interact with customers. We're likely to see this in a lot more places than an Outback in Oregon. This is the kind of stuff that factories and warehouses have been wanting for years, and it only makes sense that it goes to other types of businesses. Think office spaces, fast food, etc. More

Researchers at the University of Washington have developed a smart-speaker application that can monitor the breathing of infants. It works by playing white noise and detecting the subtle changes in its pattern caused by the motion of the baby's chest. More

Facebook is no longer among the top 10 most valuable global brands. I hear they're having serious problems with recruiting because of their fall from favor. More

Swarm just got FCC approval to launch its collection of 150 satellites to provide low-bandwidth internet connectivity to remote equipment. SpaceX tried to shut them down by complaining about various things, but the FCC liked what they had to say in response. The satellites are extremely small. Like, fit-in-one-hand-small. It's so remarkable to me that there's tons of this stuff just floating around up there. More


The suicide rate for 10 to 24-year-olds increased by 56% between 2007 and 2017, and 13% of teens in 2017 reported having at least one major depressive episode in the past year. That's compared to only 8% for Millennials at the same age in 2007. Bottom line is that things seem to be way worse for GenZ than Millennials, and we're still working out the reasons. More

An amateur astronomer found the first interstellar comet, Comet Borisov, named after its discoverer. Interstellar means it's just passing through, as opposed to orbiting the sun. More

California just passed a law saying school can't start before 8AM, which comes out of years of research saying that young people are not morning people, and that they need to get more sleep. More

The number of people identifying as religious continues to quickly fall in the United States. Since 2009 the number of non-religious has jumped from 17% to 26%, and the number of people saying they're Christians dropped from 77% to 65%. That's just 10 years. Color me silly, but I predict that the data will show (much later on) that this was a significant factor in the happiness crisis we're currently experiencing. Say what you will about religion, but it's a meaning structure, and you can't lose that much underlying meaning—that quickly, and without a replacement—without having negative consequences. More


Marc Benioff did a NYTimes piece where he says we need a new capitalism that focuses not only on shareholder value, but also on the effects on employees, customers, and the planet. I fully agree, and I wrote something similar here last week. More

Many colleges are dropping SAT/ACT requirements for admission, and a big factor is the research that shows that those scores are highly correlated to the education/wealth level of students' families. So they're basically saying that test-taking performance is tied too strongly to family pedigree, which is uncomfortable for them. The problem is, this applies to everything. Good families tend to have good genes and a good environment, which tends to result in good outcomes. That's the whole point of me studying all this evolutionary biology and economics and sociology; it's to understand the various knobs that help and hinder people, so we can learn how to adjust those variables. The more I study, the more deterministic things start to look, and this is especially true when you realize that having a good work ethic fits inside of this model, not outside of it. But there's still plenty of room for freedom in this paradigm; it just has to work within an Absurdist framework. Absurdism is my favorite concept because it applies to so many things. For universal meaning it means behaving as if it exists, even if it doesn't. Same for free will and for criminal justice in a world without it. And for human outcomes, economics, and policy-making, it means accepting that we cannot know all the variables. So we must emphasize the individual and their potential for world-altering excellence, regardless of the variables that seem stacked against them. Basically, as humans, we must explore and chart the deterministic truth to life, yet embrace and encourage the naive and wonderful belief in our ability to be more than what we are. Because, ironically, that belief is the only thing that can make it so. More

Here's a fun exercise you can do with a blank sheet of printer paper. Orient the sheet vertically, and draw two lines down the page that divide the space into three equal columns: left, middle, and right. In the left column, write down all the bad things that are happening in the world right now, e.g., China on the rise, mass protests throughout the world, the US pulling out of Syria, the US falling from favor throughout the world, Brexit, Russia developing closer ties with China, etc. Now, in the middle, place a checkbox next to each of those items that Putin is happy about. Finally, in the right column, place a checkbox next to the items that Russia—through various means—might have helped bring about. It's fascinating. My prediction is that in the coming decades, Putin will come to be known as one of the best strategists of all time. I really cannot wait to read the books about what's happening right now—in this moment we're living through.


I just bought Logic Pro X and some Roli gear to continue on my EDM musical journey. Basically, I've wanted to make music for a long time, and the entry barrier is quite steep. But I'm going to be taking a lesson soon (on Logic combined with Roli), and just jumping in full-force. If you're into making EDM and are familiar with those tools, and have any wisdom for me, I'm eager to hear it. 

I'm reading Little Brother and the Rise of Surveillance Capitalism simultaneously right now, and they're both glorious in very different ways.

I'm like 20 days into meditating for at least five minutes a day. I think I already see benefits, and I'm not even good enough to be a novice yet.

I have two art ideas that I want to try to paint, and I'm looking for a studio in San Francisco where I can experiment. So that's music and painting that I'm actually making progress on in the creative expression world, which only leaves out the fiction writing bit that I also want to do. I don't count the writing I actually do because it's explanatory or exploratory rather than creative.

I'm going to be trying to tweak the podcast sound to be less bassy and more crisp and natural. Let me know what you think of it. I almost bought the mic that NPR uses, by Neumann, but thought better of it. It's super sensitive and made to be used in a sound-treated studio. I have something more like a studio apartment, which is way different. 


GYROSCOPE is a life (mostly health) analytics system. If you're into the quantified-self, this is worth looking at. More Screenshot

Thinkst Canary Tools have been one of my favorite security products for years. I like them because they're a high-signal, low-noise way of detecting malicious behavior on your network. More

A cool little DIY project that combines reinforcement learning with wardriving. More

These are the 29 countries vulnerable to SIMJacker attacks. More

Wardriving for Autonomous Vehicle traffic. More

Lesser-known coding fonts. More

RDP honeypotting. More

QSReplace — my buddy TomNomNom's awesome tool for editing URL parameters via the CLI. More


If you only read one book on technology in 2019, this needs to be it: The Age of Surveillance Capitalism. It's about Surveillance Capitalism (obviously), but to security practitioners it's really a book about privacy. More specifically, rather than just saying losing privacy is bad—which everyone knows and is so common a sentiment as to be ignored—it provides a vivid image of the companies and industries that are trying to literally influence and control global behavior through data. So forget the surveillance part: think of it as a privacy book. And in my opinion, it's the best book on the topic. 10/10, must-read. More


“Decay is inherent in all compounded things. Strive on with diligence.”

~ Buddha

If you enjoy the newsletter, you should consider becoming a member so you can get it every week instead of just twice a month! $5/month $50/year