Copy


SECURITY NEWS


AIG says BEC has overtaken ransomware as the primary claim type against their cyber insurance policies in EMEA, accounting for 23% of claims. More Paper

The NSA Cyber Chief wants to share digital threat information early and often. I like the fact that they're opening up a bit, and I think it's only good for everyone (except bad guys). The more they share the higher the bar is for attackers, and the less time they have to use certain TTPs. This is exactly the type of Government-Industry interaction that we need to be doing more of to stay ahead of China. More

NYU did a report on how social media is likely to be used for misinformation campaigns in 2020. They say Instagram will be a much bigger player this time around, which makes sense given that images are the dominant meme carrier. Article Study

The Pentagon is looking for an ethicist to oversee the use of AI in the military. More

Hong Kong protesters are using mesh apps to avoid centralized bottlenecks and monitoring while in large crowds, but some are pointing out that such networks aren't necessarily secure. First you have to worry about the security of Bluetooth itself, and then you have to consider that you don't actually know who all is part of the mesh. Still, it's probably better than the alternatives in many cases. More

We knew it was coming, but someone actually pulled off a scam by using a voice deepfake to impersonate someone's boss. The victim transferred the scammer $243,000. This happens everyday (for smaller amounts) without deepfakes, but still. This just makes things like BEC that much worse when combined with other social engineering techniques. More

Some security researchers wanted to test the common belief that mobile devices listen to your conversations and change what they show you based on that. Their results were that this is not the case. Of course just because they didn't see it doesn't mean it's not happening, but I prefer an easier objection: the organization and infrastructure required to make such a thing work would be so extraordinary that we'd be hearing a lot about it if it were true. It's kind of like the 9/11 conspiracy thing, where the effort required to keep it a perpetual secret would be greater than actually doing it. More

It looks like amateur satellite trackers found the secret satellite that Trump tweeted the picture from. It's evidently an NRO HK-11 model, with what's essentially a Hubble Telescope pointed towards the Earth. More

Advisories: Tripwire's Patch Priority IndexCircleCI Vendor Issue, Exim TLSWordpress, Ruby Gems Supply Chain, Samba, BMC Supermicro

Breaches: Facebook 133M Phone Numbers
 

TECHNOLOGY NEWS


IBM says 120M workers will need to be retrained in the next 3 years due to the impact of AI and automation, and that half of the affected companies have no plan or strategy. More

Google has released Android 10, which includes a dark mode, updated gesture navigation, and more interaction options for notifications. More

USB4 (yeah, they dropped the dash) is coming soon, but don't worry—it still uses the USB-C connector. The big upgrades are a top speed of 40Gbps, and fast charging. More

Facebook's dating app has gone live. The security community thinks it's a big joke, and that nobody will use it. But they also thought everyone would quit Facebook after Cambridge Analytica. More
 

HUMAN NEWS


The CDC says people should stop vaping immediately while they try to sort out why hundreds of people have become sick with what's being called, "Vape Lung". More

Nordstrom is getting so creative in their desperation that they're going to start accepting returns from Macy's and Kohl's—just so people will come into their stores. Got to say, I love the hustle. More

A larger study has supported previous findings that the more you use Facebook the worse you feel. More

We're starting to have a serious problem with managing satellite traffic, and if we don't get a handle on it soon we're going to start losing stuff due to collisions. More

The US is struggling with what to do with its trash, now that China is no longer taking it. And the issue is causing a lot of problems for recycling efforts. More

Scientists can tell where whales have been based on the songs they sing. More


IDEAS, TRENDS, & ANALYSIS


It looks like Uber may be exploring the small loan business, and I find the idea repulsive. I think the gig economy is quietly but inexorably becoming the mechanism that turns the bottom 80% into servants for the top 20%. Not slaves, but servants—which, in the 2020's, will be close enough. So not only are these drivers not going to be paid enough to live on, but now you'll offer them loans that make them dependent on you. And the more screwed they become, the more money you make on them. So they'll miscalculate how much they make driving, they'll be behind on bills, they'll get a loan (from the same company that they drive for), and pretty soon they're behind on those payments too. Welp, guess they have to drive more. What's next, a collections company for people who can't pay? The whole thing has all the markings of a sci-fi dystopian government, run by corporations, that does its best to keep people docile and in control. And to be clear, I'm not imagining Uber sitting here like Mr. Burns trying to create this evil. I'm saying that's what they're going to end up doing. Them and their competitors. The gig economy is becoming the gamification mechanism—and economic model—for turning the unsuccessful into servants for the successful. Story My Essay on the Alpha and Beta Classes

If you haven't migrated from Myers-Briggs to the Big Five (OCEAN) personality test, it's past time to do so. More

As it turns out, a big part of why the divorce rate is falling is because fewer people are getting married. Specifically, fewer people of lower socio-economic status. Marriage is becoming a thing that rich people do. More

A study of social mobility has shown that mobility is declining compared to previous generations, and that wealthy parents are a stronger signal of future success than educational achievement. Examples included richer people with the same degree making far more money in similar jobs. More

The top podcasters can easily be (or become) billionaires. This piece of analysis shows that Howard Stern is getting ripped off by not having his own member-supported show. According to the analysis, he could make more than an extra $100 million a year if he switched. And China is way ahead of us. More

Streaming now makes up 80% of music sales. More

Losing religion is like coming off a drug. I've always known this, but now I'm starting to wonder whether cold turkey is the right methodology. 35% of young Americans report no affiliation, but 91%  grew up in a household that was religiously affiliated. As an atheist it'll sound weird to hear this from me, but I think a lot of our current depression and suicide problem will end up being tied to an existential chasm left by abandoning religion too quickly, and with no alternative provided. I think we desperately need a transition plan, and that anyone who can provide one (see Jordan Peterson) will become extraordinarily popular. More
 

DISCOVERY

 
Thinkst Canary Tools have been one of my favorite security products for years. To me they are the perfect tool for when you know for certain that your asset management, detection, and incident response capabilities are not in order. You essentially drop these Canaries throughout the network, and they instantly start providing high-quality signal of malicious behavior when anyone tinkers with them. If you're struggling with a low or medium-maturity org, you should seriously check them out. More ?

The $86 Trillion dollar world economy in one chart. Visualization

Here's a spectacular set of interview questions for senior level positions. They're questions that reveal a lot about the candidate themselves, rather than just what they know. This becomes increasingly important the more senior the role. More

People are justifiably upset that Goodreads has been stagnant for years. More

The Porsche Taycan's two-speed gearbox is a big deal for the future of EV. More

What I learned being a startup's first Data Engineer. More

A large collection of US-based security and IT conferences. More

A curl Cookbook More

A Github project with code for cloning voices. More

Sonos released a bluetooth speaker, and it's getting really good reviews. More

JustDeleteMe — A directory of links showing you how to delete your information from various services. More

Radio Garden — Explore live radio by rotating the globe. More

How to learn D3.js (I wish all tutorials were laid out so beautifully). More

BlackArch — An offensive security distribution based on Arch Linux. More


UPDATES


First Impressions of the Superhuman Email Service — My look at whether the semi-secretive email client is worth the $30/month. More

The Fundamental Difference Between Vim and Other Editors — One of the posts I've written as part of my recent deep-dive and love affair with Vim. I've gone further into it than ever this time. More

So this is the new template for the newsletter. Crisp, lean, and mean. I also re-recorded the intro and outro for the podcast, with some minor tweaks to the brand and messaging. Let me know what you think. Feedback
 
I'm about to do a deep-dive on Agile, Scrum, and related topics. I'm generally familiar already, but I want to become deeply versed. To me it's not just about development, but about creation in general. Especially in any environment with tons of complexity and moving targets. Which is basically everywhere. If anyone is an expert, do me a favor and send me your favorite resources.

I'm currently reading The Divide, a book about how there are increasingly (and already) two different Americas, especially as it pertains to opportunity and the criminal justice system. I'm not done with it yet, but it's filling in a lot of blurry area in ideas I've had for a while now. Book My Essay

My Denon headphones just passed into the next world, so I just ordered some AudioTechnica ATH-M70's. They're my first real studio headphones, which, are evidently delimited by having a flat reproduction of sound combined with a broad frequency range. I think that's key since I am doing a lot of audio stuff lately. More

I found a really cool way to send emails from the command line using Amazon's SES service as the backend. I'm going to do a piece on it soon.

We're reading Algorithms to Live By for the UL Member Book Club. You should come join us. We're doing our live discussion of it on the 29th of this month. Join Us
 

RECOMMENDATIONS


See if you can work any of these interview questions into your process for vetting senior candidates. More
 

APHORISMS


“To deny we need and want power is to deny that we hope to be effective.”

~ Liz Smith
If you enjoy the newsletter, you should consider becoming a member so you can get it every week instead of just twice a month! $5/month $50/year
Tweet Tweet
Share Share
Forward Forward
Twitter
Email
RSS