Unsupervised Learning

Every week I consume ~20 hours of content about security, technology, and life, and then curate what I learned into a digestible summary.

Security News

My Analysis of the 2018 DBIR Report Link

17 of 24 European regulators who responded to a survey said they don't have the resources to do GDPR enforcement. I think a lot of us were wondering who was going to do this work, but this response validates our skepticism. Link

USA Today reporters went through the 3,517 Russian Facebook ads that were just released to the public by the government and they found that the primary technique used was to sow racial discord. Link

According to a group of European security researchers, you should immediately disable any tools that automatically decrypt PGP-encrypted email. More details to come in the full advisory tomorrow. Link

Rich people are hoarding $10 billion in Bitcoin in bunkers. Link

Researchers have found a command that Siri and Alexa can hear, but humans cannot. I love this type of research where you think one thing is happening (or not) but the reality is quite different. I dub this Ironic Interface Manipulation (IIM) because one of the central meanings of irony is something having two meanings. Link

Facebook has moved David Marcus from the Messenger team to a team that's going to investigate blockchain. Marcus spent time at PayPal, so that seems like a solid fit. Link

A malware campaign called Kitty has hit many Drupal sites. It drops a currency miner called me0w.js. Link

iOS 11.4 will implement a new feature called Restricted USB Mode, which will make it harder for people to extract data from your iPhone. Basically, whenever you unlock your phone you reset a 7-day timer, and if that timer runs out, you can no longer extract data via the Lightning port. Link

Apple is also looking to restrict or deny iOS applications that capture and share your location. Great work here on the privacy front. I just hope it doesn't leave them too far behind when it comes to Machine Learning and Digital Assistants. Link

Any child born after 1983 in California had its DNA stored by the government, and some are worried about who has access to it. Link

Vulnerabilities: PGP, Adobe, Logitech Harmony Hub, Drupal, SAP, 7Zip

Breaches: Chili's Restaurants

Technology News

Google showed off a new technology called Google Duplex that's about to be part of Google Assistant, and it blew away many who saw it. It had an AI, speaking in a normal human voice, with regular "ums" and "ahs", in order to make an appointment for its owner. They showed an easy one, and also a really hard one where the other side kept getting confused due to language issues. It was spectacular. A lot of people outside Silicon Valley are really upset about how good the demo was. They are saying that it's basically repulsive and immoral to make computers sound like humans. I think these are the noises of the soon-to-be-obsolete. Yes, it'll be strange. Yes, it'll cross the line sometimes. But it's the future, so let's get to the work of making it the best one possible. Link

Notepad can now read UNIX files that have CR and LF characters. Link Link

Square has launched a new software service that runs multiple restaurant operations, including table booking, check management, and food delivery. Link

Apple looks to be launching a credit card with Goldman Sachs. Link

Amazon is getting into the ad network space, opposing companies like Criteo. Link

Walmart has bought the majority of Flipkart for $16 billion in order to oppose Amazon. Link

Human News

A new report from Blue Cross Blue Shield says that U.S. depression rates are rising across the board. Link

Carnegie Mellon is about to offer the first undergrad degree in AI. Link

The Supreme Court just struck down the law prohibiting internet gambling. A lot of people are about to make a lot of money in online gambling. Think: internet poker boom. Link

Ideas, Trends, & Analysis

[ NEW ESSAY ] The Future of Content Destroys the Middleman Link

[ SECURITY REPORT ANALYSIS ] My Analysis of the 2018 DBIR Report Link

The first thing I thought of when I saw Google Duplex was what it's going to do to the customer service industry. Specifically, automated response systems. AI is theoretical until it isn't. We already have lots of this going on today, but I think this will take it to the next tier of natural interaction. And remember: the bar to reach isn't very high.

When it comes to the Iran nuclear deal, here's one data point for you. Intelligence Squared did a debate on the topic a number of years ago, and at the time I was quite pro Iran deal. The way the debates work is that you have an Oxford-style exchange, with two experts on each side, and they fight it out in front of a live audience. A winner is picked at the end of an hour based on how much the experts moved the audience in opinion. The side against the deal won, basically saying that it was NOT an effective plan. I was convinced. You should listen for yourself. It's quite good, and the series is just excellent in general. Link

Google has just massively jumped ahead in the Digital Assistant space with its Duplex announcement. As I said before, this is a real problem for Apple. They need to catch Siri up, and quickly.

I'm not an expert on Marx or in political science, but there's been a lot of coverage lately about him being 100% right about how capitalism is playing out—basically saying that we need to listen closely to him going forward. My partially informed opinion is this: he was spot on regarding the problem, but way off on the solution. Yes, machines will take jobs. Yes, we need to guard against inequality. Yes, we'll struggle to figure out how to keep everyone doing meaningful work. But that doesn't mean socialism is the answer. And it very specifically seems not to be. So, hat off to calling the problem early. He's a genius for that. But we need to look elsewhere for a solution.


🔥 Red Team Tips — A spectacular collection of Red Teaming notes, by Vincent Yiu. Link

Google CTF 2017 Challenges Link

aws_public_ips — Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services. Link

Data & Statistics

Apple is now worth $945 billion dollars. Link


It looks like around 1% of you are subscribed. 😞  I'd love to get that number to 5-10%, so please consider becoming a member! When you sign up you get all future versions (every week). Basically, members get every edition, and free subscribers get every other one. BECOME A MEMBER HERE for $5/month, or sign up for $50/year down below. Thank you!

Thanks so much to Robb Reck for having me at the Rocky Mountain Information Security Conference in Denver last week! It was a fantastic event, and also my first book signing! And thanks again for the super-generous $1,000 subscription!

I feel bad for caring this much, but it seriously annoys me how few businesses in the Bay Area support wireless payment. It's honestly embarrassing. When I travel to London or Singapore or other major cities in the world, they all support wireless. Even worse, many implementations in the Bay Area are not really wireless at all. You start with a wireless scan—which should be your only interaction—but it really just starts a standard wizard. First you select your language. Then you select whether it's credit or debit. Then you hit accept a few more times. Then you sign your name, which can be anything because nobody ever looks at them. Basically like 5 interactions on a piece of POS hardware that has more bacteria on it than a CDC Petri dish, and all this on something that's supposed to be zero friction. It's seriously gross, on many levels. Including the level of me getting bothered enough to complain about it.


Take a Netflix show off your schedule, and spend that time reading the book on the top of your list. If you don't have a book, email me and I'll hook you up with a personalized recommendation.


“In my whole life, I have known no wise people (over a broad subject matter area) who didn't read all the time -- none, zero. You'd be amazed at how much Warren reads--and at how much I read”.

~ Charlie Munger

No ads, no sponsors…

I spend between around 20 hours on the show every week, and if you get value from it, please consider becoming a supporting member for just $5/month.

Members get the newsletter every week and can submit AMA questions, while free subscribers get the newsletter just twice a month.


Thank you,

Email a friend about Unsupervised Learning...


: :

Copyright © 2018 Daniel Miessler, all rights reserved.

Click here to stop receiving the Unsupervised Learning Newsletter.