MEMBER EDITION | Episode 292 | Monday: August 2, 2021
NSA has released new guidance on how to securely use wireless devices in public places. I have to say it feels pretty remarkable to see the government—any government—putting out good content like this. More
The FBI has revealed the top targeted vulnerabilities of the last two years. The top ones were Citrix, Pulse, Fortinet, F5, and MobileIron. More
After 10 years, Google’s Vulnerability Rewards Program has rewarded 2,022 researchers with around $29 million in payouts. They’re now launching a new platform at bughunters.google.com. The new platform comes closer to unifying bug submission across all of their products, and adds better interaction mechanisms, an improved leaderboard, swag, and other improvements. More
The creators of PunkSpider are facing scrutiny because they plan to release a new version of their tool at DEFCON next weekend. The tool basically scans the internet’s websites and finds and publishes web vulnerabilities for everyone to see, including allowing people to search the results. The argument against this is that it’ll give attackers a chance to hit targets before victims have a chance to fix the issues. The argument for this is that they could do that already by running their own tools, and that the best way to apply pressure to fix things is to make them public. Disinfectant through illumination, basically. There will be lots of gnashing of teeth on the Twitters I’m sure. More
BlackMatter is a new ransomware gang that claims to be made up of the remnants of DarkSide and REvil. Their MO is to find people who already have access and offer them $100,000 for that access, assuming they have a substantial foothold and the target is in the US, UK, Canada, or Australia. More
Over 100 warship locations have been spoofed in the last year, and there’s speculation that it could be part of a campaign to create a conflict based on mistaken identity. More
Vulnerabilities:
- Cyber Asset Management Platform Neotic launches with $20 million in funding. They use APIs and graph databases to track assets both in the cloud and on-prem. More
- At-Bay raises $185 million to do cyber insurance. More
- ActiveFence comes out of stealth with $100 million in funding to detect online harm such as abuse, disinformation, and fraud. More
Facebook’s next big product is going to be Ray-Ban Smart Glasses. Honestly really excited to see what they release, even if all they do is add competition to the AR space. AR can’t get here fast enough for me, and I love that Facebook, Magic Leap?, Snap, and others are all playing in this space. More
The Wall Street Journal did an in-depth analysis of TikTok’s algorithm and how it’s so good at figuring out what you like. The short version is that one metric matters more than all the others: Linger Time. “Every second you hesitate or rewatch, the app is tracking you. Through this one powerful signal, TikTok learns your most hidden interests and emotions, and drives you deep into rabbit holes of content that are hard to escape.” More More
Shopify is allowing merchants to sell NFTs through their storefronts. More
Apple’s Chip supplier, TSMC, is preparing its 2nm product for 2024. More
Cloudflare says AWS is charging way too much for egress traffic. More
Tesla passes $1 billion in quarterly profit after shipping more cars than ever. More
Apple’s profits nearly doubled last quarter, and iPhone sales jumped 50%. More
Companies:
- Square is buying Afterpay, which is a “buy now, pay later” service out of Australia, for $29 billion in stock. More
- Twitter is closing its SF and NY offices just a couple weeks after re-opening them. More
Just 6 companies—GE, NewsCorp, Disney, Viacom, Time Warner, and CBS—control 90% of US media. In 2011 it was 50 companies. More
Business Insider says Amazon employs 1 out of every 153 American workers. That’s a Neuromancer Metric if I’ve ever seen one. More
CONTENT, IDEAS & ANALYSIS
Everything is K-Shaped Right Now — Much of our society is splitting into upwards and downwards strokes, across multiple dimensions. More
Simone Biles Pulling Out — I’ve seen a lot of ideas about this in various places and wanted to comment real quick. Essentially, I’m torn. On the one hand I say, “No Excuses!”, because when you represent a country you basically have a job, and it’s a job that’s a lot more like the military than most jobs. One can view sport as a proxy for war, and it’s generally unacceptable to just walk away in either sport or combat when you don’t feel like continuing. That’s one side. The other side says 2021 gets a full pass. 2020 wasn’t normal. 2021 isn’t normal either. And this Olympics probably shouldn’t have happened in the first place. Everyone is still massively stressed due to a century-level event, which, by the way, we still haven’t seen the end of. So, I think you can give anyone a pass right now. And if anyone deserves a pass, it’s her. Hasn’t she done more than enough for the US already? I think so. The way we know this was an extraordinary circumstance is that it happened at all. She’s not a quitter. Quitters don’t have that many gold medals.
Where Am I On PunkSpider? — Where am I on tools like PunkSpider? I’m not sure, actually, but I do know what we’re doing now doesn’t seem to be working, so I’m somewhat sympathetic to the illumination argument. I’m open to being persuaded by data, and the implementation also matters. How they run the project will shape how I perceive it being either net-positive or net-negative. More
Women in the Draft — The Senate Armed Services Committee passed a provision to require women to register for the draft. Here’s what I suggest you do before forming an opinion on this topic. Go watch the opening scene of Saving Private Ryan and ask yourself if you’d be ok with that being a boat full of 18-20 year-old women. I am 1000% for 100% equality, but no—I am not ok with that being a boat full of women. More
NOTES
I’m back on my Neumann U87 Ai mic and my RODECASTER PRO podcasting rig, with Hindenburg as the DAW. I think the dedicated podcasting hardware (and software) might be better than the Universal Audio + LUNA setup I was using, just because it’s designed to do only that (see Dedicated). I’m also using no plugins other than DeReverb for room echo. If you’re interested or skilled at audio, let me know what you think of this week’s sound. What I’m shooting for is a very natural feel, with just enough bass to be substantive but not so much as to sound boomy or be hard to hear with background noise.
I’m getting ready to do my last subscription pricing adjustment for quite a while. I’m moving to what a lot of the people I pay for are doing, which is $100 a year, or $20 a month. I like the evenness of it, and how much it incentivizes the annual plan. For those who are already annual, the price increase per month will be $3.33. So, going from $5 a month to $8.33 a month. I’m hoping that what we’re doing here is worth many times that, and I am not going to change this again before at least mid-decade.
I’m currently reading This is How You Lose the Time War, which won the Hugo and Nebula awards. I have heard it come up in like 5 conversations with friends recently, so I added it as an interrupt. This is on top of re-reading DUNE for book club this week. David selected the book because the new movie comes out in September. Can’t wait. Both for the book club and for the movie. More
I’m also all-in on the new Ghostbusters movie. More
I had to cancel my plans for BH/DC in Vegas due to COVID. And it looks like this fall could be as bad for hospitals as last fall, or worse. Which for me also means no EDC in October most likely. Oh well, at least I’ll be in a bigger place for this next lockdown. I’ll take whatever positive is on offer.
DISCOVERY
PimEyes — A creepily-good reverse image search. I uploaded a random image of myself I just took with my phone, and it found pretty much every image of me online that exists. Even ones that look nothing like the picture I uploaded. Use with caution. More
Datasette — Take data of any shape or size and publish that as an interactive, explorable website and accompanying API. More
Crossfeed — A CISA released tool for continuously monitoring an organization’s public-facing attack surface. More More
speed.cloudflare.com — I have been using the Speedtest thick client, combined with a CDN file download, to test my bandwidth for years now. I think Cloudflare’s offering might have finally replaced it. More
Disinformation For Hire, A Shadow Industry, Is Quietly Booming More
Autonomic Security — Google’s answer to SOCs being overwhelmed by expanding attack surface. More
“I went to the office for the first time. I fucking hated it.” More
Using SSM to run Ansible on AWS hosts without requiring an external SSH listener. More
Covid Stockholm Syndrome More
RECOMMENDATIONS
If you’ve not read Jonathan Haidt, I strongly suggest you get into him. Start with The Righteous Mind, then The Happiness Hypothesis, and then if you’re into youth/culture, The Coddling of the American Mind. I think he’s one of the clearest thinkers on the maladies affecting the US right now.
APHORISMS
“The rider evolved to serve the elephant.”
~ Jonathan Haidt