NO. 357 | NEWS, ANALYSIS, & DISCOVERY SERIES

Exploring the intersection of security, technology, and society—and what might be coming next…

Standard Web Edition | November 14, 2022

SECURITY NEWS


Attackers have dumped nearly 8 million Australian health records on the dark web after breaching a health insurance company with almost 10 million customers. MORE

NSA has released guidance asking companies to switch to memory-safe languages like Rust, C#, Go, and others. GET THE PDF

Security researcher David Schütz accidentally found a bypass to the Android lock screen by tinkering with the SIM card. The issue affects everyone running Android 10, 11, 12, and 13 if they don’t have the November 2022 patch. MORE | VIDEO

In Apple’s new iOS 16.1.1 update, they’re limiting ‘AirDrop Everyone’ to 10 minutes in China. Speculation is that it was being used to share unapproved content between people in a way that couldn’t be monitored by the government. MORE

BellingCat was able to identify the location of a cruise missile program from a single old photo from 8 years earlier. MORE

CISA is expanding its cybersecurity education program nationwide. The high-school-focused program had success in Louisiana and now they’re taking it to the rest of the country. MORE

Vulnerabilities:

  • Cisco patches 33 vulns in its enterprise firewall products. MORE
  • VMware has released an advisory for VMware Workspace One Assist. MORE
  • Citrix released updates for ADC and Gateway. MORE

Sponsor

State of SIEM 2022

This State of SIEM 2022 Report surveyed hundreds of cybersecurity and SecOps professionals who use a SIEM to understand their challenges, frustrations, and areas of improvement. Check out the 2022 report to see how SecOps professionals are keeping up with their existing environment, and what they plan for next steps.

TECHNOLOGY NEWS


The chatter is picking up that GPT-4 is going to be utterly insane. Scoble says it might be as big a leap as GPT-2 to GPT-3, or bigger. MORE

Apple says it might be hard to get an iPhone Pro or Pro Max this holiday season due to high demand and production (see Covid) issues in China. MORE

Amazon might soon have a service called ‘Clinic’ which would connect customers to telemedicine services. I can’t wait for this type of help to be widely available and easier to use, especially for mental health. MORE

Musk has ended default remote work at Twitter, which is the same thing he did for Tesla and SpaceX. He clarified that if you have a special case or your manager vouches that you’re a top performer, you can still work remotely. MORE

GitHub has massively updated its search capabilities, including a new search and code nav view, a new code browser, a symbols inspector, and more. MORE

HUMAN NEWS


The planet now has 8 billion people on it, but experts expect that number to decline irreversibly over the course of this century. MORE

China is struggling with more Covid outbreaks, including in the world’s biggest iPhone plant. Their isolation policy, combined with the lack of a vaccination rollout, means China’s population is largely unprotected from either previous infections or vaccines. MORE

Deep Bass makes us dance, but we don’t know why. MORE

France is going to put solar panels on top of all large parking lots. MORE

IDEAS & ANALYSIS


Using AI Art as Inspiration
I have heard from multiple places now that there are professionals using AI Art generators as an augmentation tool. So they have an idea of what they want, but can’t quite visualize it yet, so they run a bunch of prompts through the art algorithms. Then they get inspired or polarized by what they see, their vision becomes clearer, and they make the art themselves. I’m excited by this, but I know augmentation is only for the privileged. That is, if you’re already so amazing that you can create art as good as an art algorithm, and you’re one of the tiny number of people with a job doing that, you’re in a great position to use the algorithms to your advantage. But that’s not most artists. 

Twitter and First vs. Second-order Chaos
I still believe Musk will turn things around at Twitter and make it a better platform, but holy crap what a week. I’m stunned by his ability to own-goal himself. Selling blue checks without verification? When everyone told him it would cause a major impersonation problem? And he just did it anyway? Here’s a theory that I am playing with: he’s great at first-order chaos, but bad at second-order chaos. First-order chaos is something like weather or self-driving, where it’s unpredictable but it doesn’t fight back. Second-order chaos is where your actions produce counter-reactions in the thing you’re working with—in this case, people who use Twitter. He seemed completely thrown off by how the crowd reacted to his actions, like he couldn’t believe the rocket had an attitude. Again, not sure if that’s a valid model or not, but it struck me.

NOTES


👀 I have a friend next door who does sourcing for AI/ML positions, and she just got laid off at Twitter. She’s looking for a new opportunity, so hit her up if you’re looking for AI people! HER LINKEDIN

I tried a new nootropic cocktail Sunday morning and basically felt like Limitless all day. I’ll be doing a full member piece soon on nootropics. BECOME A MEMBER

Speaking of membership, I’m about to have another Black Friday sale for UL Membership! I’m not sure what the discount is going to be, but it’ll be compelling. Details to follow next week!

DISCOVERY


⚒️ katana — Project Discovery makes the best recon / continuous monitoring tooling out there. I’ve been saying this for years. And now they have a crawler! Cannot wait to play with this more! TOOL | BY PROJECT DISCOVERY | OUTPUT

⚒️ Targeted Password Guesses — A tool that uses GPT-3 to create a password list based on a particular target. Dammit, I was about to do this too. Oh well, I’ll still do mine and compare. TOOL | BY ACM RESEARCH

⚒️ Hey GitHub — Write code using your voice. TOOL

⚒️ GitHub Business Card — Create a business card based on your GitHub profile. Love these kinds of projects! CREATE YOURS | BY SEBASTIEN CASTIEL

⚒️ Softr — Build full business apps with backend databases, user management, authentication, payments, etc., all without writing code. Uses Airtable or Google docs as the database. I could have used this like 39 times in the last 5 years. MORE

🧵Recon Tools for Web Testing — A sick thread by Lohitaksh Nandan listing his favorite web hacking tools. THREAD | BY LOHITAKSH NANDAN

I somehow didn’t remember that httpx by Project Discovery does stack detection when it checks for web servers. So you can do something like cat hostnames | httpx -tech-detect and get back what kind of tech the site runs. Just keep in mind it’s only a small subset of what you’d get if you used the actual wappalyzer API, which is a paid offering. Still really sick to get this functionality for free though. TOOL | BY PROJECT DISCOVERY | MY TWEET ABOUT IT

🔭 [ Sponsor ] Panther — The State of SIEM Report. Insights from 250+ security practitioners who actively use a SIEM platform. GET THE REPORT

AI draws Darth Vader as a construction worker and nails the helmet. MORE

A bunch of my friends started a new monthly podcast called 404 Security Not Found (great name) that you should check out. For discussion podcasts with multiple guests I love the format where each person brings their own stories and then everyone discusses, and this group really sticks it. Recommend. LISTEN TO THE FIRST EPISODE

There’s a new short film collaboration between Star Wars and Studio Ghibli streaming on Disney+. MORE

Someone created a chip that can be inserted into a Starlink terminal that will let you run arbitrary code. GITHUB PROJECT

Here’s the list of sessions from USENIX’s 2022 Security Symposium. These conferences are always stellar, and I love that they make all their talks available. THE TALKS

RECOMMENDATION OF THE WEEK


This next generation of AI models coming out from Google, OpenAI, and others are going to be something else. Pay attention to what they can do in broad tasks, not just the flashy stuff like making images or videos. Look for ways they will be used to augment and then largely replace human work. Especially your work, and the work of the people you care about. And then start thinking about a 5-10 year plan for that.

APHORISM OF THE WEEK


“Chaos often breeds life, when order breeds habit.”

Henry Brooks Adams
