Copy


No. 65 | February 12, 2017   |   View in your browser.
Unsupervised Learning is my weekly curation of the most interesting stories and ideas in infosec, technology, and humans

No podcast due to RSA week.

Infosec news  


Another NSA contractor has been indicted over a massive leak of classified data. Harold Martin is alleged to have stolen data from the NSA over 20 years, but the government isn't saying what he did with it. These stories are far too common for my taste. Link

An Australian researcher found a persistent XSS bug in the Steam gaming platform. Gaming is about to becoming mainstream, and so is game security. This is why my buddy Jason and I have started the Game Security Framework: to capture and classify the various attack surfaces, vulnerabilities, and negative business outcomes that can occur within video games. Link

Pacemaker data may be used against a man in an arson / insurance fraud case. Expect a lot more of this as we start capturing bio data and sharing it with various entities. Link

Intercontinental Hotels has reported a credit card breach for over a dozen properties. They found malware on POS servers at restaurants and bars between August and December of 2016. Link

Radware has acquired Seculert for machine learning technology. I find the mixing of business intelligence and security analytics fascinating. It's really very similar if you think about it: it's about classification and prediction, which is precisely what machine learning is enhancing. Link

People are losing bitcoin left and right, and one of the techniques is having your mobile phone number hijacked which grants access to many of your systems. If that includes your computer, people can swipe your bitcoin wallet files. Link

U.S.-born NASA scientist with Global Entry detained by Homeland Security and forced to give employer's phone PIN before he could leave. Link

The Grugq has done his first piece analyzing possible cyber operations in the upcoming French elections. He taks you through the various incentive structures around Russia and the various candidates, and why they might support one vs. another. Link

Russian hackers have figured out a way to predict payouts on some slot machines with vulnerable PRNGs. The person in front of the machine sends the backend team some codes, they process them using the knowledge of the broken PRNG, and they then send vibrations to the local person's mobile phone that tell them when to hit the button. A team using the system can evidently make around $250K/week. Link

Australia finally has a mandatory data breach notification. Link

A number of Polish banks have been hacked and are scrambling to find the malware responsible. The worst part is that the infection vector looks to have been the site dedicated to cybersecurity for Polish banks. Link

There's a new type of cash machine attack called "Shimming" that works against cards/banks with poor implementations of chip-based debit and credit cards. The issuer is supposed to check the code on the chip before authorization, but if they don't then this new piece of MiTM hardware can steal the data from the chip and use it to create a functional magnetic strip version of the card. Link

Arby's recently remedied a breach involving malware on payment card systems at hundreds of restaurants. They called Mandiant. Link


Technology news                                                    


Automation is taking out high-end knowledge workers at a faster rate than most people think. Goldman Sachs used to have 600 traders, now they have 2 equity traders left, with the rest being replaced by automated trading software. Link

What software engineers are making around the world right now. Link

Ford is investing $1.3 billion in autonomous vehicle technology from a company called Argo AI. They're an AI and robotics firm focused on what Ford calls a "virtual driver system". Ford says they'll have a fully automated driving solution by 2021. Link

MIT has developed a wearable that can determine the tone of the current conversation. Link

Google researchers have figured out a way to go from blurry pixelated images to usable ones, just like in the movies. Link

Spotify might be in trouble due to the arithmetic of paying for contracts with record companies and publishers. Link

SAP has added AI and integrated analytics into its latest release. AI-powered analytics are becoming a lot like accounting or Excel: sure, you could run a business without it, but it probably wouldn't last long. Link

There's a service called Visa Account Updater that lets merchants know your new card number know your credit card information even before you get it, if it's linked to a valid card they have that just expired. Link

Digital Assistants are about to get really good at conversational question and answer, including follow-up links between previous responses. Link

China has 656 million smartphone users, which is more than double the population of the United States. Link

Apple took 92% of smartphone industry profits in Q4 2016. Link

Uber hires veteran NASA engineer to work on flying vehicles. Link

Apple Pay now supported by 36% of merchants in the United States. Link


Human news                                                  


It looks like the gig economy in its current state is more of a stop-gap while people are between jobs, as opposed to a new career like people thought it was going to be. My belief is that this will change as more and more regular jobs disappear, and as the full spectrum of peoples' skills become available through centralized work/hire apps. Link

A Chinese factory in Dongguan, China replaced 90% of its human workers with robots and production rose by 250% and defects dropped by 80%. Start thinking about Basic Income; it's no longer a fringe idea. Link

Speaking of becoming obsolete, there used to be a dog breed called the Turnspit which would run in a wheel to turn meet so it would cook evenly. It went extinct when that job was given to a machine. Link

SIDS has largely been determined to be a matter of babies sleeping in unsafe conditions and dying of suffocation. Link

Merriam-Webster has added over 1,000 new words to their dictionary. Link

It's been a bad few months for statisticians. First Trump wins against all predictions, and then New England comes back when many statisticians gave them a 90-99% chance to lose at one point. Link

Ancestry.com has a new DNA services that uses 770,000 genomes to track your family's immigration story through the America. Link

The Met museum has made 375,000 images free to the public. Link


Ideas


Corporations Don't Want Employees Link

The Future of Work Link

Violence and Terrorism Are Not the Same Link


Discovery


PacketTotal -- Online analysis of pcaps that shows connections, certs, encryption algorithms, etc. I'm sure you know this already, but be careful what you send to random websites. Link

Blue Feed, Red Feed -- See liberal and conservative facebook side by side. Link

Consume more content by speeding up your audio and video. I listen to a lot of audiobooks at 2-3x. Link

A Whirlwind Tour of Technology Trends in China, by a16z Link

The daily practices of 200 ultra-high performers, collapsed into 15 takeaways. Link

A collection of Chris Valasek and Charlie Millers' car hacking research. Link

How to build an Alexa skill in 7 minutes. Link

Superset -- AirBnB's platform for visual, intuitive, and interactive data exploration. Link

Threat Landscape Dashboard -- A new project by Intel that shows you the top 10 threats and the relationships between them. Link

Cybersecurity Snapshot -- A view of the various players in the cybersecurity space, by Momentum Partners. Link

A team of researchers have released a fascinating paper on the ubiquitousness and implications of TLS interception. Link

Bill Nye is starting a science show on Netflix in April, called Bill Nye Saves the World. Link

CTF Tools -- Configure a full set of tools to compete in a CTF. Link


Notes


I'll be giving a talk at RSA on Thursday at 1:30pm at Moscone West, Room 2005. The talk is on using Adaptive Testing Methodologies to test medical devices. Link

I'll also be spending a good amount of time during the conference at IOActive's IOAsis, which is right down the street from Moscone. It's like a sanctuary away from the show floor where you can come talk about security, get a massage, etc. Stop by and say hello. Link

I was quoted in a Register article about gaming security. Link

I was quoted in a ZDNet article about medical device security. Link

I was quoted in a TechTarget article about IoT security. Link

I've finished Lexicon, and I can virtually guarantee that anyone who likes this newsletter will love this book. It's in my top 5 fiction books for sure. Link

I just started reading Hamilton's Biography, Alexander Hamilton. Link


Recommendations


When you're at RSA this week, ask vendors a simple question: "How should I change my behavior on Monday based on the information you're providing me with your product?" If they don't have a good answer, thank them for their time.


Aphorism

"People don't seem to realize that their opinion of the world is also a confessor of character." ~ Ralph Waldo Emerson
 

Get my new book on the predictable way in which timeless human drives will manifest through technology,
The Real Internet of Things.
Share
Tweet
Share
+1
Forward
Copyright © 2016 Daniel Miessler, All rights reserved.