Daniel Miessler's Blog, page 58
November 30, 2020
Reddit RSS Functionality Explained
I’m a huge fan of both Reddit and RSS, but it’s not super clear how they work together.
The old version of Reddit used to show all your RSS options very clearly, as you see below, but that functionality is now hidden in the new interface.

How old reddit used to show RSS feeds
I think they want you on the site, not in a news reader.
But while those options aren’t shown anymore, the RSS feeds still mostly work. So here’s a list of them in one place.
Reddit URL schemes
The most basic trick (that pretty much works everywhere) is to simply add .rss to the end of any URL.
Using that basic scheme, you can actually do quite a bit using Reddit’s own built-in URLs.
These work in a browser as well, not just via RSS.
/r/technology/top
/r/technology/hot
/r/technology/new
/r/technology/rising
/r/technology/controversial
A little-known one is that you can filter by domain.
reddit.com/domain/ycombinator.com/.rss
Reddit filtering options
You can filter by the number of results you want to get back.
// Limit the results to 25
/r/technology?limit=25
You can ask for results before or after a certain post.
// Useful if you need to pull a lot of results
/r/technology?after=t3_15bfi0
Putting it all together
And—most importantly—you can combine these options.
// Get the top 50 results from the /r/netsec sub, as RSS
reddit.com/r/netsec/top/.rss?limit=50
// Get the fastest rising results from the /r/technology sub, as RSS
reddit.com/r/technology/rising/.rss
Don’t do this unless you hate people, or plan to.
// Get the top 10 most controversial posts in the /r/philosophy sub, as RSS
reddit.com/r/philosophy/controversial...
Summary
So that’s it.
You can add .rss to the end of any Reddit URL and get the RSS feed for it.
You can view any sub using many different views, including top, rising, most controversial, etc.
You can then filter those further with limits of how many results you get.
You can combine these options to build your own URLs.
Example URLs
https://www.reddit.com/r/netsec/top/.rss?limit=50
https://www.reddit.com/r/technology/top/.rss?limit=100
https://www.reddit.com/r/philosophy/controversial/.rss?limit=10
Notes
You can still get a list of your own private feeds here, but I don’t know how long that will last since they hid it in the new interface.
You can combine before, after, and count to do pagination.
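The URL scheme above, as an added Python example that is not part of the original post: it composes feed URLs from the pieces the post lists (sub, view, limit, after/before, domain), validates the cursor format, and pulls the next after cursor out of a fetched .rss page so you can paginate. The sample Atom feed is constructed; the /domain/ prefix for domain listings and the 100-item page cap are assumptions from Reddit's listing behaviour, not from the post.

```python
import re
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

HOST = "www.reddit.com"
VIEWS = ("hot", "new", "top", "rising", "controversial")
# after/before cursors are Reddit "fullnames" such as t3_15bfi0 (t3 = post).
FULLNAME = re.compile(r"^t[1-6]_[0-9a-z]+$")
ATOM = {"a": "http://www.w3.org/2005/Atom"}  # .rss endpoints return Atom


def feed_url(sub=None, view="hot", limit=None, after=None, before=None, domain=None):
    """Build a .rss listing URL. Exactly one of sub or domain must be given."""
    if (sub is None) == (domain is None):
        raise ValueError("give either a subreddit or a domain, not both")
    if view not in VIEWS:
        raise ValueError(f"unknown view {view!r}; expected one of {VIEWS}")
    # Assumption: domain listings live under /domain/<host>/ and accept
    # the same view segment as /r/<sub>/.
    path = f"/r/{sub}/{view}/.rss" if sub else f"/domain/{domain}/{view}/.rss"
    params = {}
    if limit is not None:
        if not 1 <= limit <= 100:  # assumption: listing pages cap at 100 items
            raise ValueError("limit must be between 1 and 100")
        params["limit"] = str(limit)
    for name, cursor in (("after", after), ("before", before)):
        if cursor is not None:
            if not FULLNAME.match(cursor):
                raise ValueError(f"{name} must be a fullname like t3_15bfi0")
            params[name] = cursor
    # urlencode escapes the values, so a malformed cursor can't alter the URL.
    return urlunsplit(("https", HOST, path, urlencode(params), ""))


def entries(feed_xml):
    """Return (fullname, title, link) for each entry of a Reddit Atom feed."""
    root = ET.fromstring(feed_xml)
    out = []
    for e in root.findall("a:entry", ATOM):
        link = e.find("a:link", ATOM)
        out.append((e.findtext("a:id", namespaces=ATOM),
                    e.findtext("a:title", namespaces=ATOM),
                    link.get("href") if link is not None else None))
    return out


def next_page_url(url, feed_xml):
    """Rewrite url so after= points at the last entry of the page just read.
    Returns None on an empty page, i.e. the end of the listing."""
    items = entries(feed_xml)
    if not items:
        return None
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query))
    query.pop("before", None)  # after and before are mutually exclusive
    query["after"] = items[-1][0]
    return urlunsplit(parts._replace(query=urlencode(query)))


def fetch_feed(url, user_agent="rss-example/0.1 (hypothetical)"):
    """Fetch a feed. Reddit rate-limits anonymous clients with a generic
    User-Agent, so always send a descriptive one. Not used offline."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=20) as resp:
        return resp.read()


# Constructed sample of what a two-item /r/netsec/top/.rss page looks like.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>top scoring links : netsec</title>
  <entry><id>t3_aaa111</id><title>First sample post</title>
    <link href="https://www.reddit.com/r/netsec/comments/aaa111/first/"/></entry>
  <entry><id>t3_bbb222</id><title>Second sample post</title>
    <link href="https://www.reddit.com/r/netsec/comments/bbb222/second/"/></entry>
</feed>"""
EMPTY_FEED = '<feed xmlns="http://www.w3.org/2005/Atom"><title>empty</title></feed>'

if __name__ == "__main__":
    url = feed_url(sub="netsec", view="top", limit=2)
    print(url)
    for fullname, title, link in entries(SAMPLE_FEED):
        print(fullname, title, link)
    print("next page:", next_page_url(url, SAMPLE_FEED))
```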
—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.
November 29, 2020
News & Analysis | No. 257
I spend my time reading 3-6 books a month on security, technology, and society—and thinking about what might be coming next. Every Monday I send out a list of the best content I’ve found in the last week to around 40,000 people. It’ll save you tons of time.
MY NEW ESSAYS
Introducing Amazon Curate — I wrote up a fake product release for a product that I wish Amazon would make. A few friends at Amazon have already reached out and said they might actually make it. More Fake Product Release
SECURITY
Another Tesla (a Model X) has been hacked using an attack against its key fob, and Tesla has released new firmware to address the issue. More
The US Senate has passed an IoT Security bill that would require NIST to create new security requirements for IoT devices used by the Federal government. More
Someone assassinated Iran’s top nuclear scientist in a suburb of Tehran. He was ambushed in a car on a country road outside Tehran. Iran blames Israel, which wouldn’t surprise anyone. More
Tyndall Air Force Base in Florida is being guarded by robotic dog-like creatures that patrol the area around the base and then go back into their kennels for a recharge. They feed 3D visual data back to the ops center as they patrol. More
Vulnerabilities:
Drupal has released updates for multiple critical vulnerabilities that can lead to complete system takeover. More
TikTok has awarded $4,000 to a researcher for discovering an XSS and CSRF vulnerability allowing him to reset passwords on certain accounts. More
Ransomware:
Baltimore schools have been stopped by ransomware again. They’re saying it could take weeks to get everything back online, but they’re planning to start back classes within days. More
TECHNOLOGY
Tesla is now worth half a trillion dollars, which is weird. More
Long-haul trucking companies in the US are increasingly installing cameras and AI in trucks to monitor drivers’ behavior. They can detect things like how often people pick up their phones, how often they get distracted, and when they appear fatigued. More
Microsoft has filed some patents around scoring meetings based on body language and facial expressions. More
Salesforce’s Einstein platform is now serving over 80 billion predictions per day, which include things like when to engage a sales lead, predicting the chances of an invoice being paid, and what products to recommend to a given customer. More
Microsoft’s Office 365 has new functionality that lets your boss monitor how much email and video conferencing you do, and a lot of people are nonplussed. The functionality isn’t on by default though, and there seem to be some benign use-cases, but it’s definitely noteworthy. More
Salesforce is looking to buy Slack. More
Companies:
ClosedLoop.ai just raised an $11 million Series A to predict health outcomes. They’re looking to answer questions like, “Who is most likely to X?” More
Splunk has purchased Flowmill, a network observability company that focuses on network performance issues in the cloud. More
HUMANS
Companies are starting to use automation and games to do interviews without interviewers—especially for high-turnover jobs like fast food and warehouse workers. Some are being asked to record their answers to questions, others are being asked to play games that test their skills and personalities. More
Amazon is becoming an absolute juggernaut. They’ve hired 427,300 employees in the last 10 months and now have over 1.2 million employees. And they’re still hiring massively right now. More
Amazon is giving its front-line workers $500 million in one-time bonuses. Full-time operations staff in the United States who are employed by Amazon from Dec. 1 to Dec. 31 will receive a bonus of $300, while those in part-time roles will get $150. More
IDEAS, TRENDS, & ANALYSIS
Welcome to the New Middle Ages More
The CDC is predicting US COVID deaths could reach 321,000 by mid-December. More
1 in 6 US families with children don’t have enough to eat this holiday season. More
UPDATES
Matt in the UL Community just recommended How Spies Think, by David Omand, and that’s now in my queue. More
Currently reading:
Atlas Shrugged
Anna Karenina
I was reticent to read Atlas Shrugged since I’ve avoided it for multiple decades, but after hearing an Objectivist Philosophy expert on Lex Fridman’s podcast I was intrigued enough to have a go. It’s actually spawning some interesting thoughts around a unified, centrist political theory that I’ve been working on. So I’m excited about it, and actually enjoying it so far (about 1/10 of the way through).
DISCOVERY
Cobalt Strike Beacon Analysis from the SANS ISC More
Technical Phone Screen Superforecasters More
Blogging vs. Blog Setups More
Advice for Newsletter-ers More
The Queen’s Gambit is now the most-watched Scripted Limited series in Netflix history. More
The Game is a game where you have to avoid thinking about the game itself. More
Writing Well More
RECOMMENDATIONS
Hire People Who Give a Shit — An interesting article on how to find people who care deeply about your mission and their work. Includes a good list of questions at the end. More
5-Second Feedback — A 4-step process to giving complete feedback to someone on your team. More
APHORISMS
“The calamity of the information age is that the toxicity of data increases much faster than its benefits.”
~ Nassim Taleb
November 25, 2020
Introducing Amazon Curate (I Wish)
This isn’t a real product, but I wish it were.
Announcing Amazon Curate
There are thousands or even millions of creators putting out great content that nobody is seeing.
Amazon Curate is a new product that combines content discovery with content personalization.
Companies have solved the problems of, “show me the best tcpdump tutorial”, or “show me the links that people are sharing the most”, but they’ve not solved the problem of, “show me new writers, creators, and other artists that I’ve never heard of but would love.”
We built two systems to make this possible:
Survey — a new high speed internet crawling platform optimized for speed and niche coverage discovery
Surface — a new customization engine based on machine analysis and feature extraction of content discovered by Survey
These two systems are then integrated with existing RSS readers, starting with a partnership with Feedly. Once Amazon Curate integration is enabled, Feedly includes a new Surface menu, which brings in new RSS feeds for topics that you are interested in, e.g., Security, Woodworking, or Investing.
This allows people—for the first time—to be exposed to great unknown creators that share similar foci, and it will allow those creators to get noticed by more people.
Amazon Curate introduces the other 99% of creators to the internet.
Integrations with additional RSS readers are forthcoming in the coming weeks.
That’s the product I’ve wanted for over a decade.
Discovery is a huge issue.
There’s an argument that most of the good creators are already being seen because Google, Social Media, and word of mouth are finding the best stuff out there. I don’t buy that argument.
I have seen far too many examples of phenomenal content that sits on the internet, gets crawled by Google, and yet has no following.
The author doesn’t know how to, or care to, do self-promotion across various channels, so they either continue to write for nobody or they give up because nobody appreciates what they do.
But what if there was a “great contentness” rating that could be assigned by AI? I’m not an expert in the field, but it seems that we’re getting pretty close to being able to use Unsupervised Learning on a given piece of content, find its various peculiarities, and then have a platform take user-generated ratings for labels.
Then, when new content is discovered, it could go through the same process and get matched up with the preferences of a particular user.
This would be like combining Google, NETFLIX, and TikTok all into one engine.
I want it.
Notes
Maybe more TikTok than NETFLIX because it’d be matching your particular tastes rather than looking at what similar people liked.
November 23, 2020
News & Analysis | No. 256
November 22, 2020
How Reading and Meditation Extend Life
People talk a lot about prolonging their lives through medicine or technology, but most ignore ways we can get more from the time we have.
You can add time by noticing time.
And I don’t mean “get more” in the shallow, self-help kind of way. I mean ways to practically increase and enhance the experiences we enjoy while on this planet.
For me there are two main ways of doing this:
Reading
Meditation
Video Games will do this as well, once they’re good enough.
Reading expands the number of experiences one can have. This is especially true of fiction and biographies. They allow us to experience lives as if we lived them. And not just other lives like ours, but vastly different lives.
Especially biographies from different points in history.
Reading lots of good fiction, and many biographies, broadens our life experiences and our wisdom to include that of dozens—or even hundreds—of other existences.

Experiencing More and Appreciating More
So reading offers a broadening of experience.
Meditation is the Yang to reading’s Yin, as it deepens experience.
Specifically Vipassana meditation because it focuses on noticing the current moment.
So while reading gives you more experiences—and of different types—meditation gives you the full value of the time you actually have.
Someone could spend 90 years on the planet without paying attention to anything, and effectively enjoy a tenth of that. While someone wiser could only live to 40 yet enjoy it three times as much.
It’s mindfulness that matters more than meditation here.
Ideally we would combine the two—experiencing more through reading, and appreciating every experience through a practice of mindfulness.
Notes
Sam Harris said something brilliant about this in one of his Waking Up sessions, where he offered that it wasn’t time that was the currency of our lives, but attention.
November 18, 2020
Social Media and AI Are Mirrors That Reveal Our Ugliness
There’s something wrong with how we’re thinking about the problems of content moderation and biased AI.
We’re telling ourselves a pleasant childhood fantasy—that we humans are fine, it’s the tools that are the problem! It’s this darn AI that’s biased. It’s the social media that’s hateful.
Nope, that’s too easy. Too childish. Do they magnify negativity? Absolutely. Do they exacerbate innate weaknesses? Sure.
But all these tools have really done is revealed what was already there. They’ve shown a black light on the serial killer porn shops that are the human psyche.
An anti-woman group that would have been 19 angry men in some two-horse town in 1985 becomes a Facebook group with 40,000 people that start harassing women online
A Black family is denied a home loan because the AI looks at the applicant’s face and determines they are high risk
A child predator taps into a massive social network that shares how to target kids without getting caught
This isn’t a tech problem. This is tech revealing a human problem.
The anti-woman group would spread its filth to the United Federation of Planets if it could. The AI said the man was a bad loan because of 150 years of mistreatment of his people. And the only way to stop bad people from congregating is to stop people from congregating.
All this tech has done is evolve to such a high level of efficiency that it’s showing us exactly who we are. The better it gets, the better a mirror it becomes.
In short, the problem isn’t that we have good mirrors, the problem is that we’re ugly.
So when we start talking about fixing biased AI, and fixing social networks, we need to understand exactly what we mean.
Do we hate these mirrors we’ve built, or do we hate what we see when we look in them? We shouldn’t confuse the two.
It could be that an AI will give someone named Daniel Silverman a loan, with very little additional information—based on its training data—and this might actually be predictive of him paying it back.
Is that racist? I think so—it depends on how you define it. But is the AI biased? I’m not so sure. There’s a difference between AI being biased and an AI telling us something we wish were not true.
If an AI accurately predicts the loan repayment rates for a rich Asian man vs. a poor white man, taking into account a ton of other factors like parental income, level of education, work history, etc., and the algorithm says the Asian guy has a 97% chance of paying the loan back, and the white guy from West Virginia has a 27% chance of repayment, is that racist?
I mean, it’s racist in the sense that it favored one race vs. another in this case. And it probably would many more times. But if the algorithm is good at what it does, and uses lots of data, it’s getting those good results by closely matching reality in its predictions.
It’s the reality that’s the problem, not the algorithm’s ability to describe that reality.
Again, mirror vs. face.
And it’s the same for hate on social media, or in instant messages, or in peoples’ brains. Those mediums simply represent various levels of hiding what’s already there.
The hatred exists in people’s brains. It’s existed in private conversation for thousands of years. And it is now being revealed and magnified like never before due to technology.
I know there’s an analog to weaponry here. So am I arguing that, “Guns aren’t the problem, people are the problem!”? Yes and no.
I support both gun ownership and gun control. And again, I break that into two separate problems, fixing broken humans and broken societies, and limiting the damage that those things do when they go bad.
It’s the same with AI and social media. The core of the problem is the societies we’ve built, but we should also be willing to take steps to limit damage. And if that means controlling the power of the weaponry (AI and Social Media), then so be it.
But we must not confuse the mirror and the face, the weapon and the sickness, the hatred and the microphone.
Notes
I am well aware that not all so-called biased AI is actually accurately representing reality in a way that’s uncomfortable. There are countless implementations that take sloppy, negligent shortcuts that produce horribly racist results, often to the pleasure of the operator because it reinforces their inherent racism using “the wisdom of computers”. It’s super gross.
November 17, 2020
Trump Would Be a Horrible White Supremacist
I had an idea for a comedy bit a while back, which I guess I’ll capture here. It goes something like this.
This is more humor than political, but if you like Trump you might want to look away.
—
(imagine a comedy club and a guy onstage)
I think Trump is triggering everyone accidentally. Like he’s even bad at that.
I think he’s such a psychopath that he’d be a horrible actual villain.
(uncomfortable laughs)
The guy has no actual beliefs! Or at least he can’t remember them from one meeting to another. He only cares about himself.
Like he’d be a horrible white supremacist. Like the Klan would come up to him and be like,
KLAN: Hey, you look like you’re signaling to us with all the white stuff, so you’re in right? (wink, wink)
And Trump would be like,
TRUMP: Oh yeah, 100%, all the whites, I’ve been saying that for years. Whites are the best!
And then when they meet in a week at the next meeting Trump shows up again and he brings Kanye.
(laughing)
And the racist guy pulls him aside and is like,
KLAN: Hey man, what the actual fuck? You bring a fucking Black guy to a Klan rally? What the fuck is wrong with you?
And without missing a breath, Trump says:
TRUMP: Yeah, but so look, everyone loves me, whites, Blacks, Kanye, everyone. Kanye’s very popular with whites you know, and he’s got a new album coming out. You guys should go to the show. I can get you tickets. Kanye’s a friend of mine. Going way back, before he was big. He’s a huge fan of mine.
Like he’s just fucking oblivious.
(laughing)
He’d be a horrible Satanist too.
SATANIST LEADER: What the fuck, you brought a bunch of Catholics to our animal ritual?
Trump smiling,
TRUMP: Look we all are into animals. I’ve been giving to animal events way before most people. Hey Christopher (pointing and calling over a guy in a priest outfit), come over here and meet my friend who does the animal stuff!
—
Anyway, a comedy idea explaining what I learned from the Bolton and Woodward books: Trump doesn’t care one bit about anything outside himself. Not religion, not friendship, not America.
They’re all just party themes he can employ to make himself richer, more popular, or both.
Media
Daniel Miessler is a recognized cybersecurity expert and writer with 20 years in Information Security. His experience ranges from technical assessment and implementation, to executive level advisory services consulting, to building and running industry-leading security programs.
His 20 years of experience in security ranges from the vibrant startup ecosystem in his birthplace of Silicon Valley, to working with many of the top 100 worldwide companies. He frequently gives talks and participates in panels around the world, and his work and commentary have been featured in dozens of the world’s leading publications.
Relevant presence data
Daniel dislikes speaking about himself in the third person.

Web Traffic for January 2020
Twitter: @danielmiessler, ~101K followers, verified by Twitter in 2016.
Website: danielmiessler.com, active since 1999, over 2,000 pieces, monthly visitors ~450K, one of the highest rated personal sites in the world—with a Global Alexa rank around 90,000, and a US Alexa rank around 30,000.
Podcast: The Unsupervised Learning podcast has been going since 2015, and has been rated as one of the top security podcasts for the last several years. The podcast is downloaded approximately 25,000 times a month according to Omnystudio.
The podcast and newsletter are two parts of the same show.
Newsletter: The Unsupervised Learning newsletter has been running since 2015, and is widely popular within the security and tech industry. It reaches approximately 30,000 subscribers and has open and click rates far above the industry average (~30%/~11% for standard subscribers, and ~75%/50% for members), as measured by MailChimp.
Speaking: 2018 Keynote Speaker at the Rocky Mountain Information Security Conference (RMISC), 2016-2018 AppSec California OWASP Conference, DEFCON 23 (IoT Village), BlackHat 2015 (Arsenal), OWASP AppSec USA, RSA USA (2015, 2016, and 2017), many, many more
Also listed on a list of people who gag when talking about themselves being on lists.
Recognition: Listed among Top 50 InfoSec influencers by DigitalGuardian in 2018, listed as the top InfoSec thought leader in this InfoSec Institute list, listed as the top InfoSec influencer on Onalytica’s 2016 InfoSec Influencers List.
Projects:
2015: Launched the Unsupervised Learning podcast and newsletter, which has around 20,000 followers
2018: Founder and CEO of the HELIOS company, in the Attack Surface Monitoring space
Creator and leader of the OWASP IoT Security Project
Creator and leader of the SecLists Project
Consistent blogger at danielmiessler.com for nearly 20 years
Coverage of tech conferences often highly commented on by other top industry players
Active coder on GitHub, with over 1K followers
Other projects.
Notes
I strongly dislike speaking of myself and my work in this way, and I used to have this page hidden away just for responding to media inquiries. But with the recent changes to Google’s algorithms (circa September 2018) that focus on fighting fake news and establishing credibility, it’s now become necessary to demonstrate clearly who you are and why someone should listen to you with everything you write. So my apologies for this reading like a case study in narcissism.
Why Robinhood is Dangerous for New Investors
After ignoring the chatter for months I finally decided to check out Robinhood.
I get the appeal.
It’s clear that the app is designed to appeal to younger users.
It’s a beautiful, snappy, and downright alive-feeling application that looks equally good on mobile or desktop. As you move around in it, the numbers for your investments and for the various stocks are in constant motion.
When you take an action, you see results instantly, and you’re constantly being shown information that you might want to take action on. Basically, the app is fun, the app is exciting, and yeah—the app is addicting.
Remind you of anything else?
That’s the problem.

The top movers section of the main page
The Top Movers section is a great example. When you see that some $2-dollar stock just jumped by over 70% it gives you the most dreaded of feelings—especially for a 20-something—FOMO.
That, combined with the entire interface being in constant flux creates this feeling that you’re missing out. It’s screaming at maximum volume:
Other people are making tons of money! Right this second! Using the same information that you are staring at right now! Do something!

Robinhood’s displays of the top lists of stocks that people like to see
The popular subreddit, /r/wallstreetbets, is a hilarious but cringy look at the n00b-investor scene, and it takes particular pleasure in making fun of Robinhood users.

One of the many Robinhood jokes on /r/wallstreetbets
They’re encouraging this through interface design, just like social media.
That’s all good fun, but encouraging novice investors to essentially become day traders is not a nice thing. While this might get more young people involved in investing, it might also sting them badly by prompting bad behavior.
Much of the best investing advice says to invest in solid stocks over the long-term, and to let it ride through the inevitable ups and downs—for years.
This all comes down to Decision Engineering, which Tristan Harris writes about extensively.
Robinhood’s focus on active engagement prods people to do the exact opposite of this, leading people to the often joked about, “Buying green and selling red”, which is the direct result of being exposed to FOMO-creating design cues.
In sum, Robinhood is dangerous because—like social media apps—it’s engineered to create a sense of urgency and action. Seasoned investors in their 30s, 40s, or 50s might be able to manage those urges, but plenty of people in that age group are addicted to social media for the same reasons. Young people with less life experience are even more vulnerable.
If you put a 20-something brain against a team of highly-paid AI specialists, it’s easy to pick the winner.
As Tristan Harris pointed out in The Social Dilemma within the context of social media, this is really your brain vs. the brains and AI weaponry of a massive team of AI specialists at Facebook, TikTok, etc.
And it’s no different at Robinhood. The creators of the app are trying to get people to trade on it. Period. That’s their goal. And they’re using all the same social media design trickery and AI to make it happen.
Younger people should be especially cautious.
So while I’m a huge fan of the Robinhood video game—yes, that’s how I see it—I don’t really recommend people use it for their main investing platform. If you’re trying to invest for the long-term it’s an interface that encourages the opposite. And if you’re a day trader it’s massively underpowered as a tool.
Robinhood to me, in its best possible light, is a way to get young people thinking about the future of their money. And that’s a good thing.
I just worry it’s like giving a Lamborghini and a 6-pack to a 17-year-old. Sure, it might teach them about seatbelts, but not in a good way.
Notes
While I think the creation of social-media-like urgency is clearly dangerous for novice investors, I think the app does have its upsides. It turns investing into a game that can appeal to younger people who usually think about retirement far too late. The question is whether the interest it generates is counteracted by the harm it causes.
This app really focuses the social media conversation because it’s another example of where you’re being presented something that appears overtly positive, but that ends up being toxic due to the incentives of the creators. That’s not a hit on Robinhood. It’s a hit on most companies that have growth and engagement as their primary mission, all else be damned.
November 15, 2020
News & Analysis: No. 255
MY ESSAYS
Organizing Feedly by Tags More
Joe Rogan vs. Alex Jones More
SECURITY NEWS
Solid is an idea and company started by Tim Berners-Lee, the inventor of the world wide web. The idea is that you put all your data into a Solid Pod, and then you give granular access to that data to others. So rather than your data being owned and controlled by various corporations, you’d have it all yourself and you’d just give access to groups that provide you functionality. More
Jackson, Mississippi is running a pilot program allowing police to access the live feeds from citizens’ Ring security cameras. More
California’s Senator, Dianne Feinstein, who was also Chair of the Senate Intelligence Committee, had a Chinese spy working for her for 20 years. He was evidently mostly a driver and a gofer, but he did serve as the liaison to the Chinese Consulate as well. The FBI concluded that nothing serious was leaked, but, seriously? More
Trump has banned Americans from investing in 31 different Chinese companies due to their ties to the Chinese military. More
There’s now a black market for fake COVID test results. Because of course there is. More
Microsoft is saying you should use app-based MFA, and not SMS. This is the debate that doesn’t die. My opinion is that you should use app-based for your highest-risk accounts, such as email and anything financial, and that SMS is probably good enough for most others. And SMS is still far better than password alone. More
The US’s latest tactic against Russian government APTs is trolling them via embarrassing cartoons. More
Samy Kamkar released new research called NAT Slipstreaming that allows one to bypass NAT for anyone visiting a website. Samy remains my favorite researcher, both personally and technically. More
Shadowmap did some great analysis on how a Chinese company called Zhenhua Data collects and organizes social media data on American targets. More My Essay on This
CISA says the recent US election was the most secure we’ve ever had. It’s good to hear we’ve made such significant gains in election security since 2016, but it seems clear now that the bigger threat is the influence of populations, not manipulation of the election technology itself. More
The Chinese hacking competition, the Tianfu Cup, yielded vulnerabilities in Chrome, ESXi, Windows, and many other platforms. More
Israeli agents assassinated Al Qaeda’s #2 guy along with his daughter via shooting from a motorcycle on the streets of Iran. More
Vulnerabilities:
Google has released some updates to Chrome. More
Cisco has released updates for its IOS XR software for ASR 9000 series routers. More
There’s a new attack against DNS, specifically around cache poisoning, called SAD. More More
WordPress has patched 10 security bugs as part of their recent 5.5.2 release. More
Breaches:
Luxottica has announced a data breach affecting 820K EyeMed and LensCrafters patients. More
Capcom disclosed a breach this week using Ragnar Locker ransomware. The attackers claimed to have stolen more than a terabyte worth of files. More
28 million Texas drivers have had their data stolen. It was leaked by an insurance software company called Vertafore, which left the data in an unsecured location. More
Companies:
Menlo security just raised a $100 million Series E to defeat phishing by only showing representations of content, not the actual thing. More
Eagle Eye is bringing video surveillance to the cloud, and just raised a $40 million Series E. More
TECHNOLOGY NEWS
Zoom is lifting its 40-minute limit on free meetings for Thanksgiving. More
Amazon is expanding its garage door delivery service to over 4,000 cities. It allows the Amazon driver to open your garage door and put your stuff inside, instead of leaving it on your doorstep. More
Amazon is releasing something called Care Hub, which allows people to care for their aging family members. It allows you to link accounts with elderly family members so you can see things like commands issued, lights turned on, etc. The elderly family member can also say, “Alexa call for help”, and it will contact the connected family member. More
Facebook has copied Snap’s vanishing message feature on Messenger and Instagram. More
Zoom’s stock took a massive hit last week when news was announced that we are getting closer to a COVID vaccine. More
AWS just launched a new service called Glue Databrew, which cleans and normalizes data—supposedly up to 80% faster. More
Companies:
Databricks has launched SQL Analytics. More
HUMAN NEWS
McDonald’s is doubling down on automation tech, including automation to take and parse orders, as well as a focus on drive-thru. Again, COVID didn’t start this trend, but it accelerated it. More
Scientists successfully injected an in-utero monkey with the gene that made human brains larger, which made the monkey’s brain grow and become more human-like. They didn’t let the monkey be carried to term, though, because they said that would have crossed an ethical line. More
Unemployment claims in the US fell to the lowest level since March, at 709,000. More
The US divorce rate has hit a 50-year low. More
One good sign in the American jobs market is that churn is increasing, meaning there are more people leaving their jobs voluntarily. Over 3 million did so in August, and layoffs declined and openings increased. More
MakAir is an open-source ventilator, and it’s now being used to treat human patients. More
The New York Times has hit 7 million digital subscribers and is now making more from online than print. More
US visas for Chinese students are down 99%. More
A very unscientific poll on Hacker News asked, “Are you depressed?”, and the results were 53% yes. Again, who knows if that was gamed or how clean it was, but if that’s anywhere near accurate that’s troubling. More Discussion
78% of Americans say there is more crime in the US in the last year, but far fewer say there is more crime in their area. More
IDEAS, TRENDS, & ANALYSIS
A fascinating video clip of Neil Postman talking about Cyberspace in 1995. His book, Amusing Ourselves to Death, is one of my favorite books of all time. More
Disney+ now has 73 million subscribers. More
UPDATES
Reading:
I just finished:
The Uprising, which is the UL Book Club book of the month
We, which is the dystopian precursor to 1984 and Brave New World
Currently reading:
Prestige, a book about hiring at elite institutions
DISCOVERY
CrowdSec — A modern, crowdsourced replacement for Fail2Ban written in Go. More
Drumbit — an online drum machine. More
Cartography — An asset management tool that does visualizations via Neo4j. More
Linux Command One-liners More
A visualization of American trust in TV news media. More
A CISO Mindmap — What do security professionals really do? More
Making money in bounty is all about being unique, whether that’s through new bugs, speed, or finding special targets. More
There’s a Twitter hashtag for hacking with automation. #hackwithautomation
A Twitter thread on how bad Google is at UX. Highly entertaining. And true. More
DNSX — A new DNS tool from ProjectDiscovery.io that allows you to perform a high volume of DNS queries using multiple resolvers. More
RECOMMENDATIONS
The Surrender of Culture to Technology (Video) More
APHORISMS
“It is difficult to get a man to understand something when his salary depends upon his not understanding it.”
~ Upton Sinclair
Notes
Sep 8, 2020 — This episode originally had this story wrong in the podcast and newsletter—stating that the JEDI contract went to Oracle. My apologies for the error.
—
If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.