No. 70 | March 19, 2017
Unsupervised Learning is my weekly curation of the most interesting stories and ideas in infosec, technology, and humans.

Listen to the podcast version.

Infosec news  

Two Russian FSB members and two Russian hackers collaborated to execute the Yahoo! breach in 2014. This isn't the 2013 Yahoo! hack of a billion accounts. Or the other one. This is the 2013 one. Link

Adobe and Microsoft both pushed out significant patches last week, with Adobe fixing a bunch of Flash issues and Microsoft dropping 18 update bundles. Link

1 million decrypted Gmail and Yahoo! passwords are available for purchase. Link

Brian Krebs is reporting another PoS breach, this time for a restaurant chain called Select Restaurants. His analysis is that the hospitality and restaurant industries are massively owned, and that this is especially true for smaller chains that don't have direct relationships with the banks whose cards are being run through their PoS systems. Link 

In a regular yearly tradition at CanSecWest in Vancouver, vulnerabilities were found in Safari, MacOS, Microsoft Edge, Adobe, Firefox, etc., and someone also escaped a VM. Link

US-CERT has thrown some shade at HTTPS interception appliances and services like Cloudflare by saying they have a negative effect on secure communications. Link

33 million US employees have had their data leaked. The data was discovered by Dun & Bradstreet, and is available in Have I Been Pwned.  Link

GitHub awards an $18,000 bounty to a researcher who found an RCE issue in GitHub Enterprise. Link

Ubiquiti has a critical command injection vulnerability in more than 40 of its products' admin interfaces. Researchers reported the issue(s) to the vendor through its HackerOne bounty program, but went public with it after receiving an unsatisfactory response from the vendor. Link

A Secret Service laptop, security lapel pins, and radio were stolen from a Secret Service vehicle in New York City. Some of the items have supposedly been recovered, but it's not clear which. The incident is yet another entry in the book of recent embarrassments for the group. Link 

Sound waves have been used to confuse common accelerometers. Link

A new version of the Shamoon malware, called StoneDrill, has been found on a European petroleum company's systems. Shamoon was popularized back in 2012 for wiping disks at Saudi Aramco, and the new version does that even better and adds lots of more advanced functionality. Link

38 Android devices infected with malware pre-installed in the supply chain. Link

WhatsApp and Telegram have flaws that can lead to account compromise. The issue is improper parsing of malicious images in the web version of the application. Link

A man has been arrested for cyberstalking after sending a flashing tweet to a journalist who has epilepsy. Link

Trump has put $1.5 billion in the new budget for cybersecurity and critical infrastructure. Link

Technology news

Tesla is raising over $1 billion to offset the risk of the Model 3 bet. Link

Uber president Jeff Jones has quit amid turmoil at the company. Link

Oxford scientists, in cooperation with Google's DeepMind division, say they've created an AI that can lip-read better than humans. Link

Microsoft is putting ads all throughout Windows 10, including in the explorer window. Link

BMW is shooting for a level 5 autonomous car by 2021. Link

Netflix is dropping their five star ratings for a thumbs up or thumbs down. Basically, nobody ever uses 2-4 stars; it's always 5 or 1. Link

Tesla's massive batteries are being used to power everything from breweries to small islands. Link

The U.S. Army gets the first 60kW Beam Combined Fiber Laser Weapon. I'm excited and scared at the same time. Mostly excited though. Link

WePay now supports Apple Pay and Android Pay. Link

Intel has purchased Mobileye for $15.3 billion. Their technology does computer vision for autonomous driving. Link

Everyone is spinning up for 5G. "Nothing will be mobile because everything will be mobile." Link

Sony is working on mobile-to-mobile wireless charging technology. Link

Nintendo is doubling production of its wildly popular Switch console. Link

Microsoft's Slack rival, Teams, is now open to all Office 365 users. Link

Human news

Numerous and sustained studies of "learning styles" have failed to find scientific support for the concept. Link

Police have got a judge to petition Google for an entire city's searches for a given phrase, in order to help solve a fraud case. Link

Tim Cook says globalization is in general great for the world. After reading Naked Economics by Charles Wheelan, I too agree. Link

Bill Gates wants to tax robots. Link


Failure, and How to Help People Avoid It Link

Green Zone, Red Zone Link

AI is about to massively change healthcare. Basically, you give more and more of your data, and the system tells you when you're sick, and exactly what to do to optimize outcomes. And it'll do this way better than human doctors. It'll basically be using the power of the entire human dataset each time it looks at you. Link


The 6 levels (0-5) of autonomous car autonomy. Link

A list of the crazy cool projects that DARPA is currently working on. Link

Principles of Covert Action. Link

Five myths about obesity in America. Link

Analysis of docker image vulnerabilities. Link

Glitch: a collaborative community for building applications, bots, or webpages. Link


Brian Roemmele, a prominent technologist focused on the voice-first revolution, tweeted out my book last week, and generated a solid amount of interest. If you haven't read the book, or you've read it but not reviewed it, please take the time! Link

I'm speaking at HouSecCon this week with Jason Haddix on our Game Security Framework. The session will be recorded and we'll share it when it becomes available. Link

I've finished Sapiens and have started on Homo Deus. And, yes, Homo Deus is about humans becoming gods, like I said originally. Deus is Latin for god. Someone sent me a correction, which turned out to be wrong. Derp on my part. Link

I really wish Apple Watch had a round form factor instead of square. I get that the iPhone is rectangular, and that this is the shape of all their widgets, but high-end watch faces are mostly round. I'd give anything for an Apple Watch face that looked like a NOMOS TANGOMAT DATUM. The bad news for the watch industry is that I'm basically just going to wait for smartwatches to reach this level of craftsmanship. I can't see myself going back. Link

The OSINT primer is still coming along. Being onsite with customers and other projects have extended the timeline a bit. But it's coming. 

I'm working to get some new wordlists (payloads and usernames/passwords) incorporated into SecLists. I've reached out to the creators of the various GitHub projects and they were happy to be incorporated. Will integrate as time allows.


When you patronize hotels and restaurants (especially the smaller ones), expect the chance of POS malware to be far higher. Use a credit card rather than a debit card, and maybe don't use your favorite one. Consider designating a throw-away card that you use for higher-risk transactions, and that you don't mind having replaced frequently.


"People don't seem to realize that their opinion of the world is also a confession of character." ~ Ralph Waldo Emerson

Get my new book on the predictable way in which timeless human drives will manifest through technology, The Real Internet of Things.
Copyright © 2016 Daniel Miessler, All rights reserved.