Unsupervised Learning: No. 66

This week’s topics: My recap of RSA 2017, Google’s zero-trust implementation, Trump domain hacked, robots doing your taxes, the IoT Security train analogy, the future of authentication, toolswatch best tools of 2016, and more…


This is Episode No. 66 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.

The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.


The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can view and subscribe to here or read below.


Infosec news  

My RSA 2017 Recap Link

Yahoo! is sending out another round of notifications to users saying there was an issue last year where attackers could create backdoor cookies using internally created software. This creates more questions than answers for me. Link

A U.S. company's toy called My Friend Cayla is a doll that can be controlled via speech recognition and over the internet via an app. Germany has classified the doll as an illegal espionage apparatus and have demanded that German stores stop selling it. The fallout from Snowden continues. Link

There's a new piece of Mac malware that's supposedly linked to the APT28 group that is said to have been associated with election related hacking last year. Link

Google shared their zero-trust network security implementation at RSA last week. Lots of companies talk about this, but they're actually doing it. And it's taken six years to get where they are. Link

IBM researcher Charles Henderson can still follow his car everywhere, even though he solid it a long time ago. Link

Researchers are warning that voice authentication is not good enough, and that it must be combined with other authentication types. I 100% agree. Link

Dutch researchers have found a way to undermine ASLR protection, which could make it much easier to create working exploits. Link

Technology news                                                    

A subdomain belonging to Donald Trump was hacked by someone who left a pro-Iraqi message. Secure2.donaldjtrump.com was evidently compromised through a DNS configuration flaw. Link

Apple has purchased an Israeli company called RealFace that specializes in facial recognition. I hope they don't go to this exclusively, as I think it's going to be a lot more error-prone than TouchID. Link

Google Fiber is shrinking massively as it prepares for new connectivity deployments to be mostly wireless. Link

The cost of manufacturing carbon fiber has fallen massively, and the price to consumers is about to follow. Link

Human news                                                  

Robots will soon do your taxes. Those jobs are just about gone. Link

Bill Gates is quite worried about bioterror. Link

We don't understand consciousness, and we don't understand quantum physics. Some researchers are starting to ask if that's more than a coincidence. Link

26% of American adults haven't read a book in the past year. I suspect the problem is far worse than that. Link

The extreme nerdiness of hand-drawn infographics. Link

Ideas

IoT Security's Train Analogy Link

Violence and Terror Are Not the Same Link

My article from 2015 on the Future of Authentication Link

With Machine Learning, Batteries Are Often Not Included Link

Discovery

The ToolsWatch best security tools of 2016. Link

An unbelievably great deck by Momentum Partners on big moves in the InfoSec space. Link 

DataSploit: Performs various OSINT techniques and organizes results visually and into usable data. Link

A great presentation on starting in IoT hacking. Uses the IOT Security Project that I lead. Link

Combining OpenCanary and DShield. Link

Notes

Here are the slides from my RSA talk on securing Medical Devices using Adaptive Testing methodologies. Link

Here are the slides from my IOAsis talk on implementing Honeytokens throughout the stack without a budget. Link

I'm going through the RSA 2017 vendor list and condensing each interesting technology company into a single sentence. I need someone to pick an alphabet letter and help me clear out the list. I'm currently in the D's (lol). If you want to volunteer for a letter, ping me at danel@danielmiessler.com. Link

I'm about halfway done with the Hamilton biography, and I've just purchased the Federalist Papers as well, which I'll read next. Link

Recommendations

Ensure that your backup strategy is resistant to malware. In other words, if ransomware malware can get to your backups, then you might as well not have any backups.

Aphorism

"By doing just a little every day, you can gradually let the task completely overwhelm you." ~ Unknown
 


Thank you for listening, and if you enjoy the show please share it with a friend or on social media.

Daniel Signature

__

I do a weekly show called Unsupervised Learning, where I collect the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.

Source: http://feeds.danielmiessler.com

Leave a Reply