Unsupervised Learning: No. 66

This week’s topics: My recap of RSA 2017, Google’s zero-trust implementation, Trump domain hacked, robots doing your taxes, the IoT Security train analogy, the future of authentication, toolswatch best tools of 2016, and more…

This is Episode No. 66 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary.

The goal is to catch you up on current events, tell you about the best content from the week, and hopefully give you something to think about as well.

The show is released as a Podcast on iTunes, Overcast, Android, or RSS—and as a Newsletter which you can view and subscribe to here or read below.

Infosec news

My RSA 2017 Recap Link

Yahoo! is sending out another round of notifications to users saying there was an issue last year where attackers could create backdoor cookies using internally created software. This creates more questions than answers for me. Link

A U.S. company's toy called My Friend Cayla is a doll that can be controlled via speech recognition and over the internet via an app. Germany has classified the doll as an illegal espionage apparatus and has demanded that German stores stop selling it. The fallout from Snowden continues. Link

There's a new piece of Mac malware that's supposedly linked to the APT28 group, which is said to have been associated with election-related hacking last year. Link

Google shared their zero-trust network security implementation at RSA last week. Lots of companies talk about this, but they're actually doing it. And it's taken six years to get where they are. Link

IBM researcher Charles Henderson can still track his car everywhere, even though he sold it a long time ago. Link

Researchers are warning that voice authentication is not good enough on its own, and that it must be combined with other authentication types. I 100% agree. Link

Dutch researchers have found a way to undermine ASLR protection, which could make it much easier to create working exploits. Link

Technology news

A subdomain belonging to Donald Trump was hacked by someone who left a pro-Iraqi message. Secure2.donaldjtrump.com was evidently compromised through a DNS configuration flaw. Link

Apple has purchased an Israeli company called RealFace that specializes in facial recognition. I hope they don't go to this exclusively, as I think it's going to be a lot more error-prone than TouchID. Link

Google Fiber is shrinking massively as it prepares for new connectivity deployments to be mostly wireless. Link

The cost of manufacturing carbon fiber has fallen massively, and the price to consumers is about to follow. Link

Human news

Robots will soon do your taxes. Those jobs are just about gone. Link

Bill Gates is quite worried about bioterror. Link

We don't understand consciousness, and we don't understand quantum physics. Some researchers are starting to ask if that's more than a coincidence. Link

26% of American adults haven't read a book in the past year. I suspect the problem is far worse than that. Link

The extreme nerdiness of hand-drawn infographics. Link

Ideas

IoT Security's Train Analogy Link

Violence and Terror Are Not the Same Link

My article from 2015 on the Future of Authentication Link

With Machine Learning, Batteries Are Often Not Included Link

Discovery

The ToolsWatch best security tools of 2016. Link

An unbelievably great deck by Momentum Partners on big moves in the InfoSec space. Link

DataSploit: Performs various OSINT techniques and organizes results visually and into usable data. Link

A great presentation on starting in IoT hacking. Uses the IoT Security Project that I lead. Link

Combining OpenCanary and DShield. Link

Notes

Here are the slides from my RSA talk on securing Medical Devices using Adaptive Testing methodologies. Link

Here are the slides from my IOAsis talk on implementing Honeytokens throughout the stack without a budget. Link

I'm going through the RSA 2017 vendor list and condensing each interesting technology company into a single sentence. I need someone to pick an alphabet letter and help me clear out the list. I'm currently in the D's (lol). If you want to volunteer for a letter, ping me at danel@danielmiessler.com. Link

I'm about halfway done with the Hamilton biography, and I've just purchased the Federalist Papers as well, which I'll read next. Link

Recommendations

Ensure that your backup strategy is resistant to malware. In other words, if ransomware can reach and encrypt your backups, then you might as well not have any backups.

Aphorism

"By doing just a little every day, you can gradually let the task completely overwhelm you." ~ Unknown

Thank you for listening, and if you enjoy the show please share it with a friend or on social media.

I do a weekly show called Unsupervised Learning, where I collect the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.

Published on February 21, 2017 10:59
Daniel Miessler's Blog