Exploring the intersection of security, technology, and society—and what might be coming next…
Standard Web Edition | Ep. 356 | November 7, 2022
SECURITY NEWS
TikTok has now admitted, after denying last week, that Chinese staff can in fact read European TikTok data. Pressure is increasing across the US government to outright ban the app, but it’s quickly becoming national infrastructure so many young people. MORE | FCC COMMISSIONER CALLS FOR BAN
Security company Lookout says mobile-based phishing attacks against federal government employees increased 47% between 2020 and 2021, which is roughly half of local, state, and federal government employees. MORE | THE LOOKOUT REPORT
Microsoft says between June 2020 and June 2021, 20% of all nation-state attacks were aimed at critical infrastructure, and that percentage grew to 40% between 2021 and 2022. MORE | THE FULL REPORT
CISA is pushing organizations to implement not just MFA, but phishing-resistant MFA, which today mostly means FIDO2 / WebAuthn. MORE | CISA GUIDE TO PHISHING-RESISTANT MFA
An attacker injected malicious code into a benign JavaScript file deployed on hundreds of US newspapers, and that malware was then pushed to all their users. The company targeted was undisclosed, but the malware was the SocGholish, which deploys fake updates that are actually malware. MORE
Musk is launching a new Twitter Blue offering for $8/month that gives anyone a blue checkmark without checking to see if they’re a real person. His counter to the security problem is to permanently ban any account that impersonates another. But he also talked about “widespread verification” in another tweet. I hope he means an actual identity confirmation. MORE | MY ANALYSIS OF THE RECENT EVENTS
Rewind.ai is an app that records everything you have seen, said, or heard on your Mac so you can remind yourself if necessary. Cool idea, theoretically. And likely a security/privacy hellscape. MORE
Dropbox got compromised by a phishing campaign which gave attackers access to 130 of their private Github repositories. MORE
Vulnerabilities:
- Fortinet: 6 High issues. MORE
- Splunk: 9 High issues. MORE
- Cisco: Multiple, up to system takeover. MORE
Benchmark your cloud configuration in minutes with JupiterOne
TECHNOLOGY NEWS
Matter launched last week, which is basically a new, shared language that allows all your smart home devices to speak to and control each other. THE VERGE SUMMARY
TSMC is approaching 1nm due to a breakthrough in 2D materials. MORE
Shubhro Saha figured out how to run GPT-3 prompts in Google Sheets, allowing you to automatically sanitize data, categorize feedback, etc. MORE
OpenAI has released the public DALL-E API in beta. So now you can automate the creation of generative images. MORE
Musk is supposedly looking at some kind of OnlyFans clone for Twitter. That’ll be hard to do if the brand is trusted information. MORE
Amazon’s entire music library is now available to Prime subscribers for free. MORE
Meta built an AI-powered audio codec that can supposedly compress audio 10x tighter than MP3. MORE
Starlink is soft-capping residential users at 1TB per month. MORE
Layoffs and Freezes:
- Lyft: 13% MORE
- Stripe: 14% MORE
- Meta: Reportedly thousands this week. MORE
- Apple: Hiring Freeze MORE
- Track the layoffs with layoffs.fyi MORE
HUMAN NEWS
There’s a newish narrative going around that says it makes no sense to recycle plastic, and that you might as well throw it away. I’m skeptical only because it matches my intuition and sounds like it could be some kind of propaganda effort. MORE
Human trials have started for lab grown blood. They’re starting with a couple of spoonfuls to see how it does in the body. MORE
Gas prices in Europe are thankfully much lower than expected due to a mild autumn. MORE
IDEAS & ANALYSIS
✍️ AI Art Just Opened The Threat to Human Work We Were Expecting from AGI READ
✍️ My Prediction for Twitter READ
Build Your Own Stuff
Substack just launched their own chat service so that people could chat with creators. Sounds pretty cool right? So did Medium. So did LiveJournal. So did Tumblr. So did MySpace. So did a dozen other services. I’ve had a blog since 1999, and I have seen so many platforms rise and fall. Trust me on this. Your domain is your brand. Keep your own blog, on your own domain. And make sure you are using universal enough tech that you can take your backups and go anywhere else if you neded to. Your domain is what matters. Don’t rely on the Mediums and Substacks of the world. They’ll be gone tomorrow. SO YOU WANT TO START A BLOG
NOTES
I’m getting into video. Mostly YouTube, but probably some TikTok too. And not like ham in front of the camera type stuff, but some of that combined with mostly having video and visual support to whatever I’m talking about. Basically, video > text for most people, so I am going to master that medium and make sure most of my content has a video element going forward.
Westworld has been cancelled. Not surprising to me. I couldn’t even get into the last season because they lost the plot. Couldn’t tell who the good or bad guys were. Oh well, seaons 1 and 3 were masterpieces. MORE
I continue to spin up all the UL umbrella threads. Consulting, the products I’m building, and tons more work on the show (which members have been seeing most of all). So much additional energy happening in the community, more member content, more meetups, a new UL Principles document, and tons more. Elated with the progress.
This month’s bookclub book is The Science of Storytelling, by Will Storr. MORE
DISCOVERY
Awesome Cybersecurity Newsletters — A massive collection of newsletters about the cybers. MORE | BY TAL ELIYAHU
🔭 [ Sponsor ] JupiterOne — See how your cloud configuration compares against CIS Foundations benchmarks in just a few clicks. GET STARTED WITH YOUR FREE ACCOUNT
The Immutable Laws of Security MORE
🔥 The Best of AI Twitter MORE
How to Get Paid Slack Features For Free MORE
What I Learned from Reading 217 Subdomain Takeover Reports MORE | BY NYNAN
What Happens After Everything Becomes TikTok? MORE
Threat Model Examples MORE | BY TAL ELIYAHU
Helping Elon Speed Run the Content Moderation Curve MORE
Running Lego Engines With Air MORE
My Simple Kubernetes Setup for Side Projects MORE | BY BAS STEINS
Advice That Worked For Me MORE
How to Set Your Google Calendar to Private MORE
RECOMMENDATION OF THE WEEK
Keep abreast of the AI Art stuff and the companies that spin off of it to do other things. That doesn’t mean look at 34 different art engines and their pictures. But pay attention to the companies that are using transformer tech to solve other kinds of problems. And make sure the people you care about are aware of what’s happening. This thing that’s about to happen to tech, that’s starting right now, is bigger than anything before it. Bigger than the internet. Maybe the printing press. It’s the creation of agents that can do most of our cognitive work better than us. It’s big. MORE
APHORISM OF THE WEEK
“I visualize a time when we will be to robots what dogs are to humans, and I’m rooting for the machines.”
Claude Shannon