Unsupervised Learning

Every week I consume ~20 hours of content about security, technology, and life, and then curate what I learned into a digestible summary.
WEEKLY MEMBER VERSION

Security News


With all the big stories happening in infosec right now, Congress snuck a remarkable new law into the $1.3 trillion spending bill just signed by the president. The CLOUD Act (no, it's not limited to Cloud things) basically gives major world governments (not just the U.S.) the ability to bypass privacy protections and demand people's data from private service providers. It's incredible that this was just snuck in there while we were all talking about Facebook and other topics. It's like an ultimate privacy bypass card for world governments, and just in time for GDPR. Link

Facebook has evidently been scraping text and call information from people who had the Android version of the Facebook app installed. Not the iOS app, just Android. I am repeatedly stunned at my friends—in infosec no less—who use Android because they emotionally dislike Apple and its walled garden ideology. When you use Android you're using an operating system that was literally created to extend an advertising platform to mobile. The incentives could not be more misaligned. This is just another case in point. Link

People are highly focused on the privacy impact of the Cambridge Analytica data leak story, but the much more interesting angle is that the company is actually a conservative-backed data company that specializes in helping candidates win elections (and more broadly, influencing opinion). They helped get Ted Cruz elected, for example, and they've been influencing African elections for years. In other words, they're a politically motivated influence organization that uses big data analysis as their tool of choice. Facebook was just a rich data source for similar operations it's been doing for years. Link Link Link

The DNC hacker, Guccifer, has been identified as a Russian hacker, but this is something that many in the infosec community have strongly suspected for quite some time. Many others chose to deny it, however, believing that they had the moral high ground of not believing things until there was overwhelming proof. The problem is, we're usually dealing with imperfect information when doing analysis and making decisions—especially in cyber—and if we always waited for perfect information we'd be both paralyzed and gullible. If you believe nothing you can be convinced of anything. Link

Someone has put child porn on the Bitcoin blockchain. So now, anyone participating in the network is potentially hosting whatever that content is. It was funny with the Tiananmen Square stuff because it was attacking China's censorship, but this is just perverse. Link

Facial recognition wasn't enough for China, and they're now looking to add voiceprints to the National ID Database as well. Link

Our new National Security Advisor, Michael Bolton, hired Cambridge Analytica right after it was started in 2014 to influence Americans into being more pro-war. Link

It appears that Russia is now arming the Taliban in Afghanistan to help them fight U.S. forces there. Extraordinary. They're giving weapons to the same people who ousted and embarrassed them in 1989, and in doing so are spawning another proxy war with us. Link

The U.S. military is working on a new capability that creates the Laser-Induced Plasma Effect, which basically throws human sound through obstacles over great distances. They're working on getting it to be able to throw human speech right into people's ears, which will obviously have many applications from propaganda to crowd control. Link

Advisories: Drupal, Etcd


Technology News


AI is starting to be used to monitor calls for tone and emotion. Link

Amazon is looking to launch Alexa for Business to live in your conference room and help with various business tasks, such as scheduling and collaboration. They should definitely fix the random laughing first. Link

Amazon just passed Alphabet to become the world's second most valuable company, right behind Apple. Link

Amazon's strategy is focused around four things: machine learning, home automation, robotics, and space exploration. Link

IPOs: Dropbox, DocuSign


Human News


The Longevity FAQ is a list of different areas of research around extending human life. Link

American happiness is way down in many states as compared to 10 years ago. There are some interesting correlations with state metrics, such as education, poverty level, racial constituency, income levels, etc. Link Link

Hawking is to be buried in Westminster Abbey, right next to Newton and Darwin. Link

This is a technique that was used by the U.S. Military in WWII to get 96% of overstressed pilots to fall asleep in less than two minutes. Link

About 24% of Americans say they haven't read even part of a book in over a year. I think those numbers are way too low, likely due to embarrassment and lying. More interesting are the data on who scored highest and lowest. 38% of Hispanics said they hadn't read even part of a book, 37% of people with only a high school diploma or less, and 36% of people who make less than $30K/year. For the best numbers it was college educated people and those who make more than $75K/year. Link

The Chinese are buying failing U.S. colleges. Link

It appears that genetics play a role in who does and doesn't get divorced. Link

Many cities provide 1-way tickets for homeless people that want to leave. Link


Ideas, Trends, & Analysis


People are once again upset that the Austin bomber (white) is not being treated like a terrorist, whereas he would have been if he were black or Muslim. There is some validity to this in the sense that he was homeschooled in a hardcore Christian family and loved guns and such, and if you changed that around to be a homeschooled Muslim who liked guns the entire midwest would call him a terrorist. But it's all a red herring. The question isn't whether he was Muslim or Christian, or whether he was broken by a fundamentalist upbringing. That seems clear. The only thing that matters is whether or not he committed the violence in order to send a political message or to further a political goal. If he had a message that he was trying to spread, or he was working with a group to further some strategy, then he is absolutely a terrorist. If not, he cannot be. Terrorism requires an agenda. It requires goals. It requires a message. If you don't have those, then no matter how you became broken enough to kill people—Islam, Christianity, child abuse, whatever—you are simply committing violence when you harm people. It doesn't make it any better of course, because people still died. But we can't overload terrorism to mean any kind of violence that seems scary somehow. Words that mean too much, mean too little. Link

I just thought of a sick potential move for Amazon. Buy Nordstrom, but use it as a tag for only the highest tier of brands. So Amazon goes to all the top brands and says, “You'll do business with Amazon, but your clothes will not be seen on the regular Amazon site. It'll only be seen in the Nordstrom section, and at Nordstrom stores, which we now own”. Now Amazon has a store presence AND access to the elite brands that have been holding out for fear of low-end associations.

A new article in the New York Times talks about genetic differences between the races, and calls us to action on speaking openly about them so that racists won't be the only people doing so. This is something I wrote about here, when I said, “Liberals must be willing to speak truth so that the enemy isn’t the only one doing so, because they twist it, distort it, and use it to do evil”. Note that when I say enemy I mean the extreme right (and left), not conservatives in general. The truth is bumpy and sharp, but it's our only path to long-term happiness. If we lie to ourselves, and to each other, it will always end poorly for us. Link

POSSE stands for Publish On your own Site and Syndicate Elsewhere. If you create content in any way, this is the way I recommend you do it. It's the method I've been using for over 15 years. Your website is your center. Everything else just points to it. Don't use third parties as your center. Link

What if you could live your life backwards? Link

Germany seems to have a tech innovation problem based in overthinking and bureaucratic management structures. Link


Discovery


Awesome CTF — A curated list of CTF frameworks, libraries, and resources. Link

An Application Penetration Testing Methodology Link

Google uses Upvote and Santa for binary white/blacklisting. Link Link

Analyzing VPC Flow Logs Link

Spacecrab — An AWS honey token system. Link

People are really liking PUBG Mobile. Link

10 steps to building an incident response plan for your company. Link

Spamnesty — You can forward your spam to this service and it'll waste the spammer's time on an epic scale. True internet heroism. Link

URL Canary — if someone accesses a custom URL you create, you'll be notified. Link

Nmap 7.70 is out. Link

ODIN — an OSINT automation tool. Link


Data & Statistics


94% of car crashes are caused by human error. Bring on the (flawed) self-driving cars. Link

Around two thirds of gun deaths in the United States are from suicide, not homicide. Link

Absolutely stunning stats on the differences between black and white boys in terms of income, marriage rates, incarceration, etc. It was fascinating to see how much of a male problem it was, with black and white women being far more equal. Link Link

Over 600,000 people watched Drake play Fortnite the other day. Link


Notes


I created a list of Practical Security Principles, which are taken from everything I've read in security, all the various security aphorisms I've picked up over the years from tons of smart people, and of course the actual canon on the topic. What I found is that any of those by themselves aren't that good, and there's not really any good list that combines the best from all of them. So I made one. Let me know what you think of them. Link

People keep telling me that I should have a wider range of membership options because those who are able to support me are often able to support far more than $5/month. Some people like my buddy Jim M. are at the $100 level, for example. Everyone reading this is already paying $5/month, so I'm already happy with that, but if you really like my work, and you have the ability to help out even more, you can go here to change how much you give every month. Remember, this is completely voluntary—you're already awesome as it is! Upgrade to: $25 $50 $100



Recommendations


Read Fooled by Randomness, by Nassim Taleb Link


Aphorism


“You can replace lies with truth, but myth is only displaced with a narrative”. 

~ Nassim Taleb
 

Thank you for being a member…
 

I spend between 5 and 20 hours on the show every week, and that's only possible due to members like you.


Thank you,



Copyright © 2018 Daniel Miessler, all rights reserved.
