NO. 355 | NEWS & ANALYSIS SERIES


Exploring the intersection of security, technology, and society—and what might be coming next…

Standard Web Edition | October 31, 2022

SECURITY NEWS


⛔️ There is likely to be a critical TLS vulnerability released this week. Consider getting your teams ready by looking for your instances before it drops. ZDNET | GLOBALSIGN | REDDIT DISCUSSION 

The US accused 13 Chinese nationals of committing espionage-related offenses for China, including attempting to force a Chinese national in the US to return to China, attempting to interfere with a federal investigation of Huawei, and attempting to recruit US academics to spy for China. MORE

The Daily Mail says Russia hacked Liz Truss’s personal phone and gained access to extremely sensitive conversations with Kwasi Kwarteng and others. MORE

The second-largest investor in Twitter—after Musk—is Saudi Arabia’s Kingdom Holding Company (KHC), with shares valued at $1.8 billion. MORE

Apple has significantly upgraded its security research program, speeding up its turn-around times and adding more transparency for submission statuses. MORE

University of Maryland made a sweater that confuses AI into not recognizing a person. MORE

DHL has surpassed LinkedIn as the most spoofed phishing brand. MORE

The New York Post got hacked, resulting in defacement of the site and their social media. Someone named Thrax claimed credit and said they got access via WordPress. MORE

Juniper patched high-severity flaws in Junos OS that affect enterprise networking devices. MORE

CrowdStrike has partnered with MITRE CTID to find attacker TTPs in cloud analytics. MORE

Samba released security updates for issues up to and including system takeover. MORE

Apple’s new Ventura release patched over 100 vulnerabilities. MORE

TECHNOLOGY NEWS


Layoffs.fyi says the layoffs mostly happened during the summer, and are slowing down. MORE

Shutterstock will start selling AI-generated stock images powered by OpenAI. MORE

Mr. Beast is looking to raise $150 million for a $1.5 billion valuation on…himself. Love it. MORE

Hidden Door is a gaming company that wants to turn fiction into role-playing experiences. MORE

OpenAI invested $500 million in Descript, an AI-based tool for editing audio and video. MORE

HUMAN NEWS


Luiz Inácio Lula da Silva (Lula) has defeated Bolsonaro to become Brazil’s president, again, 20 years after being the president the first time. MORE

It looks like the UK wants back into the EU. Rejoining the EU recently had a 14-point lead in a poll. MORE

The US economy grew by 2.6% last quarter. MORE

Teens are starting to use TikTok to figure out what’s wrong with them mentally. “I have this.” MORE

A record-high 56% in the US believe local crime has increased. MORE

IDEAS & ANALYSIS


 ✍️ Why Apple Keeps Winning MORE

NOTES


Book club was phenomenal this week. We got into a spirited discussion about whether AGI would happen before 2030. 1/3 said it would, and 2/3 either abstained or said it wouldn’t. The chosen book of the month for November is The Science of Storytelling. MORE

The aunt of one of our UL members is featured in a podcast called The Lost Women of Science. LISTEN

I got in an uncharacteristic Twitter squabble about Apple on Sunday morning. Someone was attacking me for talking about what Apple is doing right, and he unfollowed me during the discussion. We talked for another hour or so, cooling down the tone, and it went from a scuffle to a conversation. At the end he followed me back, I thanked him for being so passionate for the right things, and I followed him back. The lesson? Civil conversations are still possible on the internet! 🙂 THREAD

I now have lots of birds showing up to my feeder! Thank you all again. And I have two hummingbird feeders now too. And they’re getting some traffic as well. Loving it. Next step: Continuous IP Camera + AI bird identification -> Alerting system. Hit me up if you’re this kind of nerd.

Absolutely loving The Mars Volta’s new album. MORE

Anyone know of a healthy cleanse recipe I can make at home with a Vitamix? HALP

❤️ I met my love 30 years ago today. ❤️

DISCOVERY


🛠️ dastardly, from Burp Suite, is a lightweight web application scanner that you can use to scan your web apps during CI/CD. Integrates with GitHub Actions and many others. TOOL | by PORTSWIGGER

🛠️ sandman is a backdoor for red teams that sends traffic over NTP. TOOL | by IDO VELTZMAN

🛠️ private_detector is Bumble’s image classifier for lewd images. TOOL | by BUMBLE TECH

🛠️ threatest is a Go framework for end-to-end testing of threat detection. TOOL | by DATADOG

🔭 [ Sponsor ] Keeper Security — Simple and secure password management for your business. Keeper works out-of-the-box with identity, MFA, and SIEM solutions including Okta, Azure AD, Ping Identity, G Suite, YubiKey and many others. LEARN MORE 

semafor — A new news service by Ben Smith built on the idea of transparent, unbiased, and center-focused news. Meaning, much less tainted by the right and left narratives. Cool, sign me up. MORE | ABOUT

looka — An AI-based logo generator. You give it your company name and some seed material, and it makes you some logos. MORE

namelix — An AI-based company name generator. You give it some vibes and it comes up with some possible company names. MORE

pfpmaker — An AI-based profile pic generator. You give it an image and it makes you profile pics. MORE

snipd — Listen to AI-generated summaries for Lex Fridman’s podcast. MORE

An absolutely packed episode of Lex’s podcast, with guest Andrej Karpathy. I particularly loved his explanations of ML, his points about AGI, his approach to leading organizations, and tons more. Must consume. MORE

Japan’s Anime community is seriously upset about the rise of AI-generated art. MORE

The Lost Women of Science — For every Marie Curie or Rosalind Franklin whose story has been told, hundreds of female scientists remain unknown to the public at large. In this series, we illuminate the lives and work of a diverse array of groundbreaking scientists who, because of time, place and gender, have gone largely unrecognized. LISTEN

The Rising Tide of Global Sadness MORE

Is Listening to Audiobooks Really Reading? — The author of this piece makes the point that listening actually came before print, because oral storytelling came before writing. MORE

Jim Cramer cries on TV for recommending META to his audience. MORE

Security is an Infinite Game MORE

The rich are now signaling using statement trees. MORE

passkeys.io — A demo site for enrolling in and using Passkeys. MORE

Don’t Overreact to Weak Signals MORE

👀 The Art of the Desk Setup MORE

RECOMMENDATION OF THE WEEK


Don’t stress about how much you’re learning when you read or watch educational content. Maybe you’re only getting X amount of retention, but it’s hard to say what that number really is. Plus, learning can sink deep into us and affect how we see the world, which has a lot more impact than remembering facts. If you love a book or some piece of content, watch it again while taking notes, or use it to update a current methodology you’re using to do something. But feel free to just listen to it as well, letting it blow by. You’ll likely absorb more than you think.

APHORISM OF THE WEEK


“The two most important days in life are the day you are born and the day you find out why.”

Mark Twain




