17 of 24 European regulators who responded to a survey said they don't have the resources to do GDPR enforcement. I think a lot of us were wondering who was going to do this work, but this response validates our skepticism. Link
USA Today reporters went through the 3,517 Russian Facebook ads that were just released to the public by the government and they found that the primary technique used was to sow racial discord. Link
According to a group of European security researchers, you should immediately disable any tools that automatically decrypt PGP-encrypted email. More details to come in the full advisory tomorrow. Link
Rich people are hoarding $10 billion in Bitcoin in bunkers. Link
Researchers have found a command that Siri and Alexa can hear, but humans cannot. I love this type of research where you think one thing is happening (or not) but the reality is quite different. I dub this Ironic Interface Manipulation (IIM) because one of the central meanings of irony is something having two meanings. Link
Facebook has moved David Marcus from the Messenger team to a team that's going to investigate blockchain. Marcus spent time at PayPal, so that seems like a solid fit. Link
A malware campaign called Kitty has hit many Drupal sites. It drops a currency miner called me0w.js. Link
iOS 11.4 will implement a new feature called Restricted USB Mode, which will make it harder for people to extract data from your iPhone. Basically, whenever you unlock your phone you reset a 7-day timer, and if that timer runs out, you can no longer extract data via the Lightning port. Link
Apple is also looking to restrict or deny iOS applications that capture and share your location. Great work here on the privacy front. I just hope it doesn't leave them too far behind when it comes to Machine Learning and Digital Assistants. Link
Any child born after 1983 in California had its DNA stored by the government, and some are worried about who has access to it. Link
Vulnerabilities: PGP, Adobe, Logitech Harmony Hub, Drupal, SAP, 7Zip
Breaches: Chili's Restaurants
Google showed off a new technology called Google Duplex that's about to be part of Google Assistant, and it blew away many who saw it. It had an AI, speaking in a normal human voice, with regular "ums" and "ahs", in order to make an appointment for its owner. They showed an easy one, and also a really hard one where the other side kept getting confused due to language issues. It was spectacular. A lot of people outside Silicon Valley are really upset about how good the demo was. They are saying that it's basically repulsive and immoral to make computers sound like humans. I think these are the noises of the soon-to-be-obsolete. Yes, it'll be strange. Yes, it'll cross the line sometimes. But it's the future, so let's get to the work of making it the best one possible. Link
Notepad can now read UNIX files that have CR and LF characters. Link Link
Square has launched a new software service that runs multiple restaurant operations, including table booking, check management, and food delivery. Link
Apple looks to be launching a credit card with Goldman Sachs. Link
Amazon is getting into the ad network space, opposing companies like Criteo. Link
Walmart has bought the majority of Flipkart for $16 billion in order to oppose Amazon. Link
A new report from Blue Cross Blue Shield says that U.S. depression rates are rising across the board. Link
Carnegie Mellon is about to offer the first undergrad degree in AI. Link
The Supreme Court just struck down the law prohibiting internet gambling. A lot of people are about to make a lot of money in online gambling. Think: internet poker boom. Link
Ideas, Trends, & Analysis
[ NEW ESSAY ] The Future of Content Destroys the Middleman Link
[ SECURITY REPORT ANALYSIS ] My Analysis of the 2018 DBIR Report Link
The first thing I thought of when I saw Google Duplex was what it's going to do to the customer service industry. Specifically, automated response systems. AI is theoretical until it isn't. We already have lots of this going on today, but I think this will take it to the next tier of natural interaction. And remember: the bar to reach isn't very high.
When it comes to the Iran nuclear deal, here's one data point for you. Intelligence Squared did a debate on the topic a number of years ago, and at the time I was quite pro Iran deal. The way the debates work is that you have an Oxford-style exchange, with two experts on each side, and they fight it out in front of a live audience. A winner is picked at the end of an hour based on how much the experts moved the audience in opinion. The side against the deal won, basically saying that it was NOT an effective plan. I was convinced. You should listen for yourself. It's quite good, and the series is just excellent in general. Link
Google has just massively jumped ahead in the Digital Assistant space with its Duplex announcement. As I said before, this is a real problem for Apple. They need to catch Siri up, and quickly.
I'm not an expert on Marx or in political science, but there's been a lot of coverage lately about him being 100% right about how capitalism is playing out—basically saying that we need to listen closely to him going forward. My partially informed opinion is this: he was spot on regarding the problem, but way off on the solution. Yes, machines will take jobs. Yes, we need to guard against inequality. Yes, we'll struggle to figure out how to keep everyone doing meaningful work. But that doesn't mean socialism is the answer. And it very specifically seems not to be. So, hat off to calling the problem early. He's a genius for that. But we need to look elsewhere for a solution.
🔥 Red Team Tips — A spectacular collection of Red Teaming notes, by Vincent Yiu. Link
Google CTF 2017 Challenges Link
aws_public_ips — Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services. Link
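To show what a tool like that actually has to do, here is an added example (my own code, not aws_public_ips) that walks the three EC2 API responses a public-IP inventory needs and returns every IPv4 and IPv6 address exposed by an account, plus the Elastic IPs that are allocated but attached to nothing. The dictionary shapes are assumed to mirror boto3's describe_instances, describe_network_interfaces and describe_addresses responses; the sample records are constructed for this example.

```python
"""Added example: enumerate public IPs from EC2-shaped API responses.

Assumption: the dict layouts below match what boto3's ec2 client returns from
describe_instances(), describe_network_interfaces() and describe_addresses().
All sample data is constructed for this example (RFC 5737 / RFC 3849 ranges).
"""
from __future__ import annotations


def _eni_public_ips(eni: dict) -> set[str]:
    """Public IPv4 (via the ENI's Association) and every IPv6 address on one ENI."""
    found: set[str] = set()
    assoc = eni.get("Association") or {}
    if assoc.get("PublicIp"):
        found.add(assoc["PublicIp"])
    for v6 in eni.get("Ipv6Addresses", []):
        found.add(v6["Ipv6Address"])
    return found


def ips_from_instances(resp: dict) -> set[str]:
    """Instance-level PublicIpAddress plus the addresses on each attached ENI."""
    found: set[str] = set()
    for reservation in resp.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("PublicIpAddress"):
                found.add(inst["PublicIpAddress"])
            for eni in inst.get("NetworkInterfaces", []):
                found |= _eni_public_ips(eni)
    return found


def ips_from_enis(resp: dict) -> set[str]:
    """ENIs that may not belong to an instance at all (NAT gateways, load balancers, ...)."""
    found: set[str] = set()
    for eni in resp.get("NetworkInterfaces", []):
        found |= _eni_public_ips(eni)
    return found


def ips_from_addresses(resp: dict) -> set[str]:
    """Elastic IPs, whether or not they are currently associated with anything."""
    return {a["PublicIp"] for a in resp.get("Addresses", []) if a.get("PublicIp")}


def public_ips(instances: dict, enis: dict, addresses: dict) -> list[str]:
    """Union of all three sources, sorted so two inventory runs can be diffed."""
    return sorted(ips_from_instances(instances) | ips_from_enis(enis) | ips_from_addresses(addresses))


def unattached_eips(addresses: dict) -> list[str]:
    """EIPs with no AssociationId: still yours, still routable, easy to forget."""
    return sorted(a["PublicIp"] for a in addresses.get("Addresses", []) if not a.get("AssociationId"))


# --- constructed sample responses (not real AWS output) ---------------------
SAMPLE_INSTANCES = {
    "Reservations": [{
        "Instances": [{
            "InstanceId": "i-0example",
            "PublicIpAddress": "203.0.113.10",
            "NetworkInterfaces": [{
                "Association": {"PublicIp": "203.0.113.10"},
                "Ipv6Addresses": [{"Ipv6Address": "2001:db8::1"}],
            }],
        }],
    }],
}
SAMPLE_ENIS = {
    "NetworkInterfaces": [
        {"Association": {"PublicIp": "203.0.113.20"}, "Ipv6Addresses": []},  # e.g. a NAT gateway ENI
        {"Association": {"PublicIp": "203.0.113.10"}, "Ipv6Addresses": []},  # the instance ENI again; de-duplicated
    ],
}
SAMPLE_ADDRESSES = {
    "Addresses": [
        {"PublicIp": "203.0.113.10", "AssociationId": "eipassoc-0example"},
        {"PublicIp": "203.0.113.30"},  # allocated, attached to nothing
    ],
}

if __name__ == "__main__":
    for ip in public_ips(SAMPLE_INSTANCES, SAMPLE_ENIS, SAMPLE_ADDRESSES):
        print(ip)
    print("unattached EIPs:", unattached_eips(SAMPLE_ADDRESSES))
```

Against a real account you would replace the three constants with `boto3.client("ec2", region_name=r).describe_instances()` and friends, looping over every region, because a public address in a region nobody remembers enabling is exactly the kind of thing an external attack-surface review turns up. The sorted output is deliberate: commit it somewhere and diff each run, and a new public IP shows up as a one-line change.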
Data & Statistics
Apple is now worth $945 billion. Link
It looks like around 1% of you are subscribed. 😞 I'd love to get that number to 5-10%, so please consider becoming a member! When you sign up you get all future versions (every week). Basically, members get every edition, and free subscribers get every other one. BECOME A MEMBER HERE for $5/month, or sign up for $50/year down below. Thank you!
Thanks so much to Robb Reck for having me at the Rocky Mountain Information Security Conference in Denver last week! It was a fantastic event, and also my first book signing! And thanks again for the super-generous $1,000 subscription!
I feel bad for caring this much, but it seriously annoys me how few businesses in the Bay Area support wireless payment. It's honestly embarrassing. When I travel to London or Singapore or other major cities in the world, they all support wireless. Even worse, many implementations in the Bay Area are not really wireless at all. You start with a wireless scan—which should be your only interaction—but it really just starts a standard wizard. First you select your language. Then you select whether it's credit or debit. Then you hit accept a few more times. Then you sign your name, which can be anything because nobody ever looks at them. Basically like 5 interactions on a piece of POS hardware that has more bacteria on it than a CDC Petri dish, and all this on something that's supposed to be zero friction. It's seriously gross, on many levels. Including the level of me getting bothered enough to complain about it.
Take a Netflix show off your schedule, and spend that time reading the book on the top of your list. If you don't have a book, email me and I'll hook you up with a personalized recommendation.
“In my whole life, I have known no wise people (over a broad subject matter area) who didn't read all the time -- none, zero. You'd be amazed at how much Warren reads -- and at how much I read.”
~ Charlie Munger