Podd: Unsupervised Learning

UL NO. 459: New Active 0-day Exploitation, AI That Sees Your Open Apps, The RebootAI Project

21 november 2024 | 24 min

A Conversation with Rob Allen from ThreatLocker

18 november 2024 | 32 min

In this conversation, I speak with Rob Allen, Chief Product Officer at ThreatLocker.

We talk about:

ThreatLocker’s Unique Zero Trust Approach to Cybersecurity:
How ThreatLocker’s "deny by default, permit by exception" methodology, along with automated application learning and built-in definitions for over 4,000 applications, simplifies allowlisting and enhances endpoint security.

Innovations in ThreatLocker’s Control Features:
How ThreatLocker’s ringfencing prevents unauthorized application interactions and data access, and dynamic firewalls mitigate risks like lateral movement and ransomware attacks through endpoint-level network segmentation.

Recent Developments and Cloud Expansion:
How ThreatLocker Detect and Cloud Detect provide advanced detection capabilities for endpoint and cloud environments, including Office 365, enabling anomaly detection, centralized alerts, and proactive threat management.

And more.

Into (00:00:00)
ThreatLocker's Zero Trust Cybersecurity Approach (00:00:31)
Understanding Allow Listing in Cybersecurity (00:01:49)
Managing Software Updates with ThreatLocker (00:02:13)
Automated Application Updates for Over 4000 Programs (00:04:11)
Vendor Collaboration for Early Software Updates (00:05:40)
Challenges and Risks of Immediate Software Updates (00:06:53)
Assuming Breach: A Core Cybersecurity Principle (00:08:10)
Implementing Zero Trust Strategies with Ring Fencing (00:09:30)
Controlling Application Interactions to Prevent Threats (00:09:50)
Advanced Data Protection with Storage Control (00:13:17)
Dynamic ACLs for Smarter Network Control (00:15:48)
Ransomware Risks from Open Ports (00:16:50)
Using Shodan to Identify Open Port Vulnerabilities (00:17:19)
Building Application Allow Lists with Contextual Data (00:18:43)
Learning Mode for Application and Traffic Visibility (00:19:36)
Balancing User Behavior Control and Workflow (00:20:44)
Integrating Detection and Control with ThreatLocker Detect (00:21:44)
Why Detection is Critical in Cybersecurity Layers (00:22:41)
Response Mechanisms and Automated Remediation (00:24:02)
Lockdown Mode: Ultimate Isolation from Threats (00:25:38)
Streamlined Application Approvals with Cyber Hero (00:26:36)
Breaking Down Ransomware Attack Stages (00:27:46)
Introducing Cloud Detect for Cloud Security (00:29:39)
How to Learn More About ThreatLocker Solutions (00:30:47)

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework

17 november 2024 | 33 min

A Conversation with Jason Haddix from Flare

11 november 2024 | 30 min

Streamline Your Cybersecurity with Flare Here:
https://try.flare.io/unsupervised-learning/

In this conversation, I speak with Jason Haddix, founder of Arcanum Security and CISO at Flare.

We talk about:

Flare's Unique Approach to Threat Intelligence:
How Flare's capability to uncover compromised credentials and cookies from the dark web and private forums has been crucial in red team engagements.

Challenges of Credential Theft and Advanced Malware Techniques:
How adversaries utilize tools like the RedLine Stealer malware to gather credentials, cookies, and other sensitive information, and this stolen data enables attackers to bypass authentication protocols, emphasizing the need for comprehensive exposure management.

Jason's Journey To Founding Arcanum & Arcanum's Security Training Programs:
How Jason now advises on product development and threat intelligence as Flare's CISO and his journey to fund Arcanum, a company focused on red teaming and cybersecurity, and Arcanum's specialized training programs focusing on offensive security and using AI in security roles.

And more

Introduction to the Podcast (00:00:00)
Guest Excitement on Podcast (00:00:20)
Jason's New Business and Flare Role (00:00:24)
Career Shift from Ubisoft to Red Teaming (00:01:02)
Evolution of Adversary Tactics (00:02:04)
Flare's Credential Exposure Management (00:02:58)
Synergy Between Arcanum and Flare(00:03:55)
Dark Web Credential Compromise (00:04:45)
Challenges with Two-Factor Authentication (00:06:25)
Cookie Theft and Unauthorized Access (00:07:39)
Redline Malware and Its Impact (00:08:12)
Flare's Research Capabilities (00:09:50)
Potential for Advanced Malware Detection (00:11:40)
Expansion of Threat Intelligence Services (00:12:15)
Vision for a Unified Security Dashboard (00:13:25)
Integrating Threat Intelligence with Identity Management (00:14:00)
Credential Update Notifications via API (00:15:54)
Automated Credential Management Potential (00:17:28)
AI Features in Security Platforms (00:17:32)
Exploration of Automated Security Responses (00:18:38)
Introduction to Arcanum Security (00:19:25)
Overview of Arcanum Training Courses (00:20:25)
Necessity for Up-to-Date Training (00:22:15)
Guest Experts in Training Sessions (00:23:08)
Upcoming Features for Flare (00:25:11)
Integrating Vulnerability Management (00:28:08)
Accessing Flare's Free Trial (00:28:25)
Learning More About Arcanum (00:29:09)

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

UL NO. 454: The First AI Breaches

18 oktober 2024 | 35 min

How My Projects Fit Together (Substrate, Fabric, Telos, Daemon, and Human 3.0)

15 oktober 2024 | 61 min

This episode, "How My Projects Fit Together," is a follow-up to a previous post called "What I Am Doing & How It's Going".

Here, Daniel Miessler addresses the most commonly asked questions: "I see all your projects, but what are they? How are they related?"

He takes an individual look at his various projects (Substrate, Fabric, Telos, Daemon, and Human 3.0) and then how they work together to tackle big issues such as the lack of purpose and meaning in people's lives, preparing people for the impact of AI in society, and the need for holistic human development.

For all the projects’ links,visit: https://danielmiessler.com/p/how-my-projects-fit-together

- Intro (00:00:00)
- Identifying Major Problems (00:00:47)
- Lack of Purpose and Meaning (00:01:50)
- Impact of AI on Society (00:01:50)
- Training for Full-Spectrum Individuals (00:03:02)
- Security as a Core Focus (00:03:02)
- Helios: Attack Surface Monitoring (00:04:11)
- Daemon: Security Program Management (00:05:16)
- Substrate: Enhancing Human Understanding (00:06:21)
- Argument Components in Substrate (00:07:35)
- AI and Argument Detection (00:10:59)
- Fabric: Augmenting Humans with AI (00:15:26)
- Fabric Patterns for Problem Solving (00:16:31)
- Fabric Overview (00:19:36)
- Telos Introduction (00:20:50)
- Articulating the Mission (00:21:50)
- Telos File Example (00:22:53)
- Managing Personal Life with Telos (00:23:57)
- AI and Purpose (00:26:10)
- Daemon Introduction (00:28:21)
- API Concept in Daily Life (00:29:28)
- Digital Assistants and APIs (00:31:40)
- Human Connection through Sharing (00:37:52)
- Daemon Personal API Broadcast (00:39:53)
- Human 30 Introduction (00:43:07)
- Human 30 Philosophy (00:45:22)
- Impact of AI on Work (00:48:47)
- Human 30 Platform Overview (00:51:00)
- Summary of Projects (00:54:03)
- Vision of Future AI Integration (00:56:21)
- Encouragement for Clarity and Purpose (00:57:39)
- Encouragement for Purpose (00:59:47)
- Articulating Your Work (01:00:46)

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Human 3.0—The Skills & Mental Frames Required To Thrive In An AI World

9 oktober 2024 | 30 min

UL NO. 452: The New Hotness: NotebookLM

7 oktober 2024 | 50 min

NotebookLM Podcast: David Deutsch, Understanding, and AI

2 oktober 2024 | 13 min

Venture Capitalists Favor Risk-Takers: The Rise of Self-Made Billionaires and Tech Innovators

28 september 2024 | 5 min

AI Comedians by 2026? The Future of Comedy and the Turing Test for Laughter

27 september 2024 | 4 min

The Alarming Power of Deepfakes

26 september 2024 | 6 min

UL NO. 451: Altman Says ASI in "Thousands of Days"

26 september 2024 | 31 min

Russia Is Paying Right Wing Influencers?

25 september 2024 | 7 min

This Is The Future Career For Creators - Virtual Realities, Economies, and Meaning

24 september 2024 | 9 min

My First Thoughts on New OpenAI Strawberry Model ( OpenAI o1-preview)

19 september 2024 | 22 min

UL NO. 450: Thoughts on o1-preview and the Path to AGI

17 september 2024 | 24 min

A Conversation with Shiladitya Sircar from BlackBerry on DeepFake Threats

17 september 2024 | 45 min

In this conversation, I speak with Shiladitya Sircar, Senior VP of Product Engineering and Data Science at BlackBerry.

We talk about:

The Rise of Deepfakes and Cyber Threats
Innovation Meets Malicious Intent: Deepfakes are not just a tech novelty; they’re a growing threat. From text-based phishing to hyper-realistic fake videos and audio, the landscape of cyber threats is evolving rapidly. Deepfake technology can clone voices, making it easier for cybercriminals to impersonate individuals and bypass security measures.

Understanding Identity Compromise
Voice Cloning Dangers: Our brains are wired to trust familiar voices, making voice cloning particularly insidious. We share a chilling story about a cybercriminal impersonating Ferrari’s CEO. The attacker’s deepfake was so convincing that it almost led to a major scam.

The Impact on Trust
Eroding Trust in Systems: Deepfakes can undermine trust in institutions and systems, much like traditional scams but with a high-tech twist. Beyond individual attacks, deepfakes can manipulate public opinion and even influence elections. Organizations need to train employees to spot deepfakes, and there’s a pressing need for laws that specifically address deepfakes and identity spoofing.

And more

Intro (00:00:00)
Main Cyber Threats from Deepfakes (00:00:56)
Identity Compromise Explained (00:02:47)
Impact of Deepfakes on Trust (00:06:23)
Deepfakes in Attack Chains (00:08:15)
Case Studies of Deepfake Attacks (00:09:41)
Emerging Threat Landscape (00:13:56)
Defending Against Deepfake Attacks (00:15:07)
Regulatory Frameworks Needed (00:16:28)
The Role of Education and Technology (00:18:57)
Future of Content Authenticity (00:20:53)
Legislation and Authenticity Mechanisms (00:22:04)
Real-Time Deepfake Validation (00:23:18)
Government and Industry Partnership (00:24:07)
Media Forensic Research (00:24:23)
Zero Knowledge Proofs (00:25:36)
Content Provenance and Authenticity (00:26:52)
Trust Network Expansion (00:28:00)
Puppeteering Technology (00:29:20)
Stream Authentication Challenges (00:30:21)
Hardware-Level Trust (00:32:00)
Fragmentation in Standards (00:32:29)
Trust in Communication Protocols (00:33:51)
Collaboration for Solutions (00:35:22)
Apple's Unique Position (00:36:47)
Erosion of Trust (00:37:31)
AI Agents for Detection (00:38:11)
Short-term and Long-term Solutions (00:38:45)
Awareness and Education (00:41:23)
Predictions for Deepfake Technology (00:41:48)
Community Action Against Deepfakes (00:43:09)
Learning More About BlackBerry's Work (00:43:29)

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

UL NO. 449: China Hits US ISPs, NIST CSF 2.0, Russian Intel Attacks, Stagnant Companies...

16 september 2024 | 54 min

North Korea Strategy to “Infiltrate” Foreign Companies

10 september 2024 | 3 min

How To Find Great People to Work With - UBI & Talent Distribution

8 september 2024 | 10 min

Ambition & UBI - Why People Are Working Less

6 september 2024 | 7 min

UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...

6 september 2024 | 22 min

Google Current State A Waste of Money & Talent

4 september 2024 | 3 min

How China is Winning The Energy War

2 september 2024 | 2 min

AI The Creative Workflow & The Dangers of Groupthink

31 augusti 2024 | 6 min

UL NO. 447: Sam Curry on Bug Bounty Careers, Slack Data Exfil, The Work Lie

31 augusti 2024 | 33 min

Don’t Judge Yourself Based On What Companies Think of Your Skills

29 augusti 2024 | 5 min

Microsoft Fires DEI Team & The Correct Approach To Diversity

27 augusti 2024 | 3 min

UL NO. 446: AI Ecosystem Components, MS 0-Days, Iranian Campaign Hacks…

22 augusti 2024 | 42 min

Introducing Substrate—An Open-source Framework for Human Understanding, Meaning, and Progress

9 augusti 2024 | 42 min

UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets…

9 augusti 2024 | 25 min

Scaling Misinformation With AI

7 augusti 2024 | 6 min

UL NO. 443: North Korean Co-workers, UBI Failure?, AI-Groupthink, GPS Spoofing…

5 augusti 2024 | 33 min

A Conversation with Christine Gadsby from BlackBerry

5 augusti 2024 | 42 min

In this conversation, I speak with Christine Gadsby, Head of Product Security Operations Team at BlackBerry.

We talk about:

The Role of AI in Cybersecurity:

AI's real advancements, practical applications, and associated challenges, moving beyond the hype.

Enhancing Incident Response and Threat Hunting

Christine highlights AI's significant impact on enhancing incident response and threat hunting, how AI quickly analyzes vast data to identify Indicators of Compromise (IoCs), automates routine tasks, and improves decision-making with actionable insights.

The Evolution of Blackberry in Cybersecurity

Christine discusses Blackberry's shift from mobile devices to cybersecurity, emphasizing their focus on highly regulated environment and how the acquisition of Silence brought advanced AI capabilities, enhancing their security solutions.

Among other topics.

Intro (00:00:00)
AI in Cybersecurity: Hype or Reality? (00:00:06)
Incident Response and Threat Hunting (00:01:12)
Automation in Security Programs (00:02:08)
Industry-Specific AI Needs (00:03:20)
AI's Role in Regulated Environments (00:04:23)
Blackberry's AI Integration (00:04:50)
Perceptions of Blackberry's Evolution (00:06:51)
Trust in Vendor Relationships (00:09:11)
AI's Potential in Monitoring (00:11:12)
Challenges of Staffing in Cybersecurity (00:13:18)
Staff Turnover in Cybersecurity (00:13:54)
Burnout and Job Satisfaction (00:14:18)
Hiring Challenges in Security (00:15:17)
Confusion in Cyber Job Market (00:16:10)
Job Changes Among Cyber Leaders (00:17:10)
Outsourcing Security Functions (00:18:09)
Pressure from Boards (00:18:57)
Evolving Security Needs (00:19:40)
Human Element in Cybersecurity (00:20:46)
Talent Pipeline Issues (00:21:40)
Challenges of Smaller Companies (00:22:32)
Job Satisfaction and Workload (00:24:03)
Pressure Cooker Environment (00:24:43)
Crypto Attacks Resurgence (00:26:16)
Crypto Mining Discussion (00:26:33)
APT 32 Insights (00:27:22)
Employee Training Importance (00:28:41)
Indicators of Crypto Mining (00:29:45)
Detection Challenges (00:30:30)
Normal System Behavior (00:32:13)
Looking Ahead to 2025 (00:32:44)
*Supply Chain Pressures (00:35:08)
Arms Race in Security (00:35:27)
Liability Hot Potato (00:36:27)
Managed Services Growth (00:36:44)
Cyber Insurance Trends (00:37:52)
CISO Evolution (00:39:10)
The Importance of Trust in Supply Chain (00:39:56)
Predictions for Cybersecurity Roles (00:40:46)
Following Blackberry's Work (00:41:00)
Networking and Future Conversations (00:41:05)
Conclusion (00:41:37)

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

UL NO. 442: Crowdstrike Analysis, Cannabis=Soma?, NK Github SE, AI Weaponry

24 juli 2024 | 32 min

UL NO. 441: Substrate, OpenAIs AGI Levels, US Literacy Rates

21 juli 2024 | 24 min

UL NO. 440: RAID (Real World AI Definitions)

11 juli 2024 | 36 min

UL NO. 439: Humans vs. AI in Prediction Markets

4 juli 2024 | 18 min

UL NO. 438: Confusion is a Muse

27 juni 2024 | 37 min

UL NO. 437: My List of Hard-won Life Lessons

21 juni 2024 | 28 min

UL NO. 436: Thoughts on the Future of AI & Societal Stability

14 juni 2024 | 54 min

A Conversation with Abhishek Agrawal from Material Security

7 juni 2024 | 54 min

In this conversation, I speak with Abhishek Agrawal, co-founder and CEO of Material Security.

We talk about:

- Material's Security innovative approach to email security by not just preventing unauthorized access but also containing damage from potential breaches.

-Abhishek's background in data infrastructure at Dropbox and how product mangers can become successful CEOs due to their cross-functional expertise.

- The need for customized security measures for different organizations, the role of AI in detecting email threats, the importance of single-tenant environments for sensitive customers and the potential risk of default settings in productivity suites like Google Workspace.

Among other topics.

Abhishek's Background and Material Security (00:00:00)
Email Security and Productivity Suite (00:01:01)
Geographical Connection and Coffee Meetup (00:02:06)
Product Managers as CEOs and Co-founders (00:02:59)
Empowering Product Managers (00:05:01)
Product Management and Marketing Importance (00:08:04)
Email as a Content Repository (00:09:39)
Securing Email Content (00:11:03)
Data Protection for Email (00:12:10)
Redacting and Canaries (00:12:57)
Email Security vs. Data Security (00:14:53)
Abuse Cases and Control Layers (00:17:32)
Mailbox Compromise and Lateral Movement (00:17:39)
Threat Scenario Analysis (00:20:15)
Language Models for Detection (00:22:19)
Optimism in AI Tools for Defense (00:24:34)
Customized Detection Categories (00:25:52)
Security Controls Trend (00:26:20)
Security Concerns for Law Firms (00:27:07)
Email Copy Distribution (00:27:24)
API-Based Integration (00:29:08)
Monitoring LM Functionality (00:30:42)
Threat Intelligence and Detection (00:32:54)
Product Design Philosophy (00:35:56)
Data Protection (00:38:01)
Flexibility in Deployment (00:39:26)
Main Products (00:40:33)
Posture Management (00:44:01)
Broadening Product Coverage (00:48:49)
Google Workspace Threat Detection (00:50:05)
Challenges with CSP (00:51:13)
Contextual Intelligence (00:52:02)
Balancing Depth and Breadth (00:53:15)
Learning about Material (00:53:40)

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

UL NO. 435: Making New Things is Post-AI Safety

7 juni 2024 | 25 min

UL NO. 434: Can You Articulate Yourself in 50 Words?

1 juni 2024 | 28 min

UL NO. 433: China's Flawed Strategy

29 maj 2024 | 10 min

A Conversation with Mike Privette from Return on Security

24 maj 2024 | 46 min

UL NO. 432: Can You Summarize Your Work in a Sentence?

24 maj 2024 | 28 min

A Conversation on Maritime Security with BlackBerry Threat Intelligence

16 maj 2024 | 40 min

In this sponsored conversation, I speak with Corey Ranslem, CEO of Dryad—and the resident expert on Maritime Attacks—and Ismael Valenzuela, VP of Threat Intelligence and Research at Blackberry.

We talked about all things Maritime Security, and I learned a whole lot from the conversation.

Digital Hijacking at Sea: Unveiling a Cyber Attack Scenario in the Red Sea

BlackBerry Quarterly Global Threat Report — March 2024

Maritime Cyberthreats: A Growing Risk to Global Trade (blackberry.com)

00:00:00 Introduction and Guest Welcome
00:00:30 Maritime Security Overview
00:01:15 Baltimore Incident Discussion
00:02:00 Legacy Systems on Ships
00:03:20 Connectivity Challenges at Sea
00:04:10 Cyber Threats in Maritime Industry
00:05:00 Post-Accident Cyber Investigations
00:06:00 Potential Cyber Attacks on Ships
00:07:30 Threat Scenarios and Models
00:08:45 USB and External Media Threats
00:09:30 Evolution of Navigation System Connectivity
00:10:30 Crew Connectivity and Cyber Risks
00:11:30 Lessons from Other Industries
00:12:15 GPS Spoofing and Navigation Interference
00:13:30 Digital Hijacking of Ships
00:14:45 Economic Disruption via Cyber Attacks
00:16:00 Financial Motivation Behind Attacks
00:17:15 Ransomware in Maritime Context
00:18:30 Panama Canal and Economic Impact
00:19:30 Cyber Security Maturity in Maritime Industry
00:21:00 Legacy Systems and Geopolitical Interests
00:22:15 Challenges with Security Solutions at Sea
00:23:30 Historical Cyber Incidents in Maritime
00:24:30 GPS Spoofing Techniques
00:25:15 International Maritime Organization Standards
00:26:30 Criminal Trends and Cyber Attacks
00:27:45 Open Source Tools and Threat Actors
00:28:45 Information Sharing in Maritime Industry
00:29:30 Real-World Examples of Cyber Incidents
00:31:00 Cruise Ships and Large Yachts Security
00:32:15 Autonomous Vessels and Cyber Protection
00:33:30 Future of Autonomous Vessels
00:34:15 Learning and Improving Cyber Security in Maritime
00:35:30 Role of Threat Intelligence in Maritime Security
00:36:15 Optimism for the Future of Maritime Security
00:37:30 Industry Awareness and Education Efforts
00:38:30 AI Integration in Maritime Security Solutions
00:39:15 Conclusion and Final Thoughts

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

UL NO. 431: Companies are Graphs of Algorithms

9 maj 2024 | 12 min

UL NO. 430: The Courage to be Disliked

3 maj 2024 | 30 min

UL NO. 429: Build Your Career Around Problems

27 april 2024 | 22 min

UL NO. 428: Reason to Fear; Reason to Build.

23 april 2024 | 16 min

UL NO. 427: AI's Predictable Future

10 april 2024 | 22 min

UL NO. 425: The Efficient Security Principle

27 mars 2024 | 21 min

UL NO. 424: Raising Security's Floor

21 mars 2024 | 27 min

A Conversation with Jason Meller of Kolide/1Password

19 mars 2024 | 22 min

UL NO. 423: AI is Becoming Like Reading

12 mars 2024 | 21 min

UL NO. 422: To Survive AI, We Must Become Creators

6 mars 2024 | 21 min

A Conversation With Ismael Valenzuela About AI and Threat Intelligence

4 mars 2024 | 46 min

UL NO. 420: APTs using ChatGPT, Bugs Putin, The good side of AI jobs loss?, AI Monitoring Culture, AI patents, and more…

25 februari 2024 | 24 min

UL NO. 419: Problem Quality, 0-Day Spyware, LOTL, Ollama + OpenAI

12 februari 2024 | 30 min

UL NO. 418: DEFCON Moves, AnyCloudDesk, Ransomware Learnings, My Top AI Projects

8 februari 2024 | 28 min

UL NO. 417: NSA's Broker Buys, AI-Assisted Attacks, Companies Only Want Killers

8 februari 2024 | 24 min

A Conversation with Shil Sircar from BlackBerry Data Science

29 januari 2024 | 37 min

UL NO. 416: Tracking AI Agent Activity, 400 SF Cameras, AI Sleeper Agents…

24 januari 2024 | 23 min

A Conversation with Jason Kikta from Automox

22 januari 2024 | 45 min

UL NO. 415: It's Raining 9+ CVEs, 40% Job Loss from AI, Invisible Prompt Injection…

19 januari 2024 | 22 min

UL NO. 414: LastPass Settings Upgrade, Boosting ChatGPT Output, AI Adding Societal Transparency

10 januari 2024 | 26 min

UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…

6 januari 2024 | 25 min

A Conversation with Gabe Bernadett-Shapiro on AI

21 december 2023 | 37 min

UL NO. 412: OpenAI's Prompt Guide, My Neovim Overhaul, The UL Character Sheet, And…

20 december 2023 | 29 min

UL NO. 411: ChatGPT Repeat Vuln, A UL AI Course!, Revenge Code Deletion

14 december 2023 | 20 min

UL NO. 410: The Immigration/Identity Security Risk, Super Soldier Pentagon Talk, Okta&Me Updates, Teachable Agents

6 december 2023 | 26 min

UL NO. 408: OpenAI Coup Theory, SEC vs. SolarWinds Analysis, Deepfake D&D Summaries

27 november 2023 | 36 min

UL NO. 407: OpenAI Prompt Injection, Leaky GPTs, AGI by 2028, Huberman Routine AI

14 november 2023 | 40 min

OpenAI's New Releases Are a Watershed Moment for Human Creativity—and Prompt Injection

13 november 2023 | 4 min

Why I'm Not Getting the New Humane AI Pin

13 november 2023 | 4 min

UL NO. 406: OpenAI Launches Custom AIs, Okta's New Breach, EFF's Browser Privacy Checker

10 november 2023 | 28 min

UL NO. 404: ServiceNow Widget Flaws, North Korean Infiltrators, and the New Top-performing Prompt String…

26 oktober 2023 | 27 min

UL NO. 403: Signal Investigates Rumored Zero-Day Bug, AI Predicts New COVID-19 Strains, Dwindling US-China Scientific Collaboration...

16 oktober 2023 | 28 min

UL NO. 402: Israeli Footage & Analysis, WSFTP + MOVEIT, AI Explainability, Andreessen vs. Perell on Writing, and more…

11 oktober 2023 | 26 min

UL NO. 401: Sony hit again?, Taiwan Disinformation, Corporations Demand Hardcore Workers, and GPTVision Examples…

3 oktober 2023 | 25 min

UL NO. 400: What Hiring Managers Want, CVE Farming, Hunt Forward Operations, and AI vs. B2B Services

28 september 2023 | 31 min

UL NO. 399: Wisdom Extraction From Any Text, Vegas Gets Cyber Jesus, AI Creativity Performance, Pentagon Cyber Strategy…

19 september 2023 | 39 min

UL NO. 398: Storm Vuln Stacking, CloudRecon, The S-Tier Guide to AI Whispering, Full-body MRIs…

12 september 2023 | 20 min

UL NO. 397: Propaganda in a Box, Glacier-like Security, AGI by 2028?, Ancient Wisdom via AI, and Newsletter Differentiation

7 september 2023 | 26 min

No. 396 - Elon's Doxxing FSD, ATHI AI Threat Modeling Framework, Cardboard Drones, and GPT Enterprise…

29 augusti 2023 | 26 min

What I'm Doing and How It's Going

21 augusti 2023 | 23 min

NO. 395 — How I Make Money as an Independent, Tesla's Insider Data Breach, Bots Beating CAPTCHAs, and Escaping the Maze…

21 augusti 2023 | 32 min

NO. 394 — Vegas Recap, CISA MS Alert, China/US AI Fight, Deceased Kid AI, Following vs. Leading…

16 augusti 2023 | 19 min

No. 393 - Hacker Week, Deleting Google Info, And Creating High-Entropy Content

10 augusti 2023 | 31 min

NO. 392 — Trail of Bits Testing Handbook, Startups Freefall, and Chinese Propaganda Escalation…

31 juli 2023 | 19 min

NO. 391 — AI Manipulation Defenders, .MIL Leak, And The NPC Phenomenon

24 juli 2023 | 22 min

NO. 390 — Voice Scams, FrontView Mirrors, and Idea Molecules

17 juli 2023 | 21 min

NO. 389 — The Creativity Friction Coefficient, Lockbit v TSMC, and Detecting Smart Errors

10 juli 2023 | 18 min

NO. 388 — Context Reflections, Critical Thinking, China's Decline, and NFC

26 juni 2023 | 16 min

NO. 387 — Modern Parenting and Narcissism?, New Russian Hacking Unit, McKinsey AI Predictions, and more…

20 juni 2023 | 24 min

NO. 386 — DBIR 2023, Vision, Smol-Developer, and more…

12 juni 2023 | 26 min

NO. 384 — World AI Coin, Russian Power Attacks, Guidance AI Workflow…

3 juni 2023 | 22 min

NO. 382 — AI Attack Surface Map, Digital Assistants, Dragos Nope, Rogue AI Girlfriend…

16 maj 2023 | 17 min

The Right Amount of Trauma

11 maj 2023 | 8 min

NO: 381 — Reviving Conference Strategies, Nurturing High-Performers, AI Business Takeover, Cyber Threats, and Diversifying Production 🧠🏢🦈📱🚗

9 maj 2023 | 12 min

NO. 380 — LLM-Mind-Reading, Automated War, Rusty Sudo, Eliezer Bitterness Theory...

2 maj 2023 | 18 min

NO. 378 — AI Resilience Scale, Moloch The Demon, Ukraine Data Leak, and more...

17 april 2023 | 25 min

NO. 376 | AI transforms security, existential risk, and how to stay in front…

3 april 2023 | 21 min

NO. 375 — 6 Post-GPT Phases, Github's Private Key, New Assistant Interfaces

27 mars 2023 | 17 min

NO. 374 — AI Response Shaping, SpaceX Blueprints, GPT-4 Innovation Explosion…

21 mars 2023 | 12 min

NO. 373 — SPQA Architecture, LLaMA on M1 Mac, Loved Ones Voice Scams…

13 mars 2023 | 17 min

NO. 372 — LastPass Employee Hack, State AI Propaganda, Crowdstrike Report Analysis…

7 mars 2023 | 29 min

NO. 371 | Covid Lab Leak, Military Server Exposed, OAI Foundry…

27 februari 2023 | 23 min

NO. 370 | GoDaddy Hack, EU Chinese APTs, Hacking with ChatGPT

21 februari 2023 | 14 min

NO. 369 | Reddit Hack, Deepfake Scams, Embracing Change…

13 februari 2023 | 22 min

NO. 368 | China Balloons, CustomGPT, 90s++…

6 februari 2023 | 18 min

NO. 367 | Hive Ransom, Anti-Google, Software 2.0…

30 januari 2023 | 14 min

NO. 366 | T-Breach, Siri++, Conception Ages…

23 januari 2023 | 16 min

NO. 365 | China's Decline, MicrosoftAI, Creativity Ratio…

17 januari 2023 | 11 min

NO. 364 | Reality Headset, BingPT, AI+Cyber

9 januari 2023 | 15 min

NO. 363 | NEWS, ANALYSIS, and DISCOVERY SERIES

3 januari 2023 | 13 min

NO. 362 | Dependency Scanner, Citrix Attacks, AI Analysis…

19 december 2022 | 12 min

NO. 361 | GPT++, Apple Security, CISA Cuba…

12 december 2022 | 12 min

NO. 360 | NEWS, ANALYSIS & DISCOVERY SERIES

5 december 2022 | 13 min

Erkang Zheng of JupiterOne | SPONSORED INTERVIEW SERIES

3 december 2022 | 27 min

NO. 359 | THE NEWS, ANALYSIS & DISCOVERY SERIES

28 november 2022 | 10 min

Scott Kuffer of Nucleus Security | SPONSORED INTERVIEW SERIES

28 november 2022 | 48 min

NO. 358 | NEWS, ANALYSIS, & DISCOVERY SERIES

22 november 2022 | 15 min

NO. 357 | NEWS, ANALYSIS, & DISCOVERY SERIES

14 november 2022 | 13 min

NO. 356 | NEWS, ANALYSIS & DISCOVERY SERIES

7 november 2022 | 11 min

NO. 355 | NEWS & ANALYSIS SERIES

31 oktober 2022 | 14 min

Why Everyone Needs a Blog | THE IDEA SERIES

27 oktober 2022 | 4 min

Creativity Comes From Idleness | THE IDEA SERIES

26 oktober 2022 | 3 min

AI Art Will Push the Top 1% to Human Artists | THE IDEA SERIES

25 oktober 2022 | 4 min

NO. 354 | THE NEWS & ANALYSIS SERIES

24 oktober 2022 | 18 min

Humiliation is Deadly | THE IDEA SERIES

21 oktober 2022 | 11 min

NO. 353 | THE NEWS & ANALYSIS SERIES

17 oktober 2022 | 9 min

News & Analysis | NO. 352

12 oktober 2022 | 13 min

News & Analysis | NO. 351

3 oktober 2022 | 18 min

News & Analysis | NO. 350

26 september 2022 | 15 min

News & Analysis: NO. 349

20 september 2022 | 14 min

News & Analysis | NO. 348 | Spearmishing, Patreon Security, and Triple-Threat Ransomware

12 september 2022 | 23 min

Metagaming: An Interview with Andrew Ringlein

7 september 2022 | 53 min

News & Analysis | NO. 347

6 september 2022 | 16 min

News & Analysis | NO. 346

29 augusti 2022 | 20 min

News & Analysis | NO. 345

22 augusti 2022 | 16 min

News & Analysis | NO. 344

17 augusti 2022 | 13 min

News & Analysis | NO. 343

8 augusti 2022 | 12 min

News & Analysis | NO. 342

2 augusti 2022 | 11 min

News & Analysis | NO. 341

25 juli 2022 | 16 min

News & Analysis | NO. 340 | SF Surveillance, APTs vs. Journalists, TikTok Changes…

18 juli 2022 | 21 min

News & Analysis | NO. 339

11 juli 2022 | 19 min

News & Analysis | NO. 338 | Deepfake Interviews, China Leak, Hacker Services…

5 juli 2022 | 21 min

News & Analysis | NO. 337

27 juni 2022 | 20 min

News & Analysis | NO. 336

20 juni 2022 | 15 min

News & Analysis | NO. 335

13 juni 2022 | 15 min

News & Analysis | NO. 333

31 maj 2022 | 21 min

News & Analysis | NO. 331

16 maj 2022 | 1 min

News & Analysis | NO. 330

9 maj 2022 | 14 min

Why I'm Not Worried About Elon Musk Buying Twitter

2 maj 2022 | 5 min

News & Analysis: NO. 329

2 maj 2022 | 11 min

A Conversation with Paul Zimski from Automox

2 maj 2022 | 29 min

News & Analysis | NO. 328

25 april 2022 | 13 min

News & Analysis | NO. 327

18 april 2022 | 12 min

News & Analysis | NO. 326

11 april 2022 | 12 min

News & Analysis | NO. 325

4 april 2022 | 14 min

News & Analysis | NO. 324

28 mars 2022 | 19 min

News & Analysis | NO. 323

21 mars 2022 | 14 min

News & Analysis | NO. 322

14 mars 2022 | 16 min

News & Analysis | NO. 321

9 mars 2022 | 15 min

Andrew Ringlein's 5 Crypto Accelerators in Gaming and Business

6 mars 2022 | 66 min

News & Analysis | NO. 320

28 februari 2022 | 18 min

News & Analysis | NO. 319

22 februari 2022 | 9 min

News & Analysis | NO. 318

14 februari 2022 | 11 min

News & Analysis | NO. 317

7 februari 2022 | 14 min

News & Analysis | NO. 316

31 januari 2022 | 12 min

News & Analysis | NO. 315

24 januari 2022 | 10 min

Your Value Comes from Your Output

18 januari 2022 | 6 min

News & Analysis: NO. 314

18 januari 2022 | 11 min

News & Analysis: No. 313

10 januari 2022 | 17 min

News & Analysis | No. 312

3 januari 2022 | 15 min

A Short Episode Before the Holidays

20 december 2021 | 5 min

The Vigilant

13 december 2021 | 2 min

News & Analysis | No. 311

13 december 2021 | 15 min

News & Analysis | No. 310

6 december 2021 | 10 min

News & Analysis | No. 309

29 november 2021 | 12 min

News & Analysis | No. 308

22 november 2021 | 7 min

Degrees and Credentials in InfoSec

15 november 2021 | 4 min

News & Analysis | No. 307

15 november 2021 | 22 min

News & Analysis | No. 306

8 november 2021 | 16 min

News & Analysis | No. 305

1 november 2021 | 9 min

News & Analysis | No. 304

25 oktober 2021 | 4 min

News & Analysis | No. 303

18 oktober 2021 | 12 min

News & Analysis | No. 302

11 oktober 2021 | 5 min

Weakness and Evil

8 oktober 2021 | 4 min

Vendor Security 2.0

5 oktober 2021 | 6 min

News & Analysis | No. 301

4 oktober 2021 | 13 min

News & Analysis | No. 300

27 september 2021 | 16 min

News & Analysis | No. 299

20 september 2021 | 21 min

News & Analysis | No. 298

13 september 2021 | 16 min

News & Analysis | No. 297

7 september 2021 | 20 min

News & Analysis | No. 296

30 augusti 2021 | 18 min

A Sponsored Lunch Conversation with Philippe Humeau of CrowdSec

25 augusti 2021 | 28 min

News & Analysis | No. 295

23 augusti 2021 | 13 min

News & Analysis | No. 294

16 augusti 2021 | 12 min

News & Analysis | No. 293

9 augusti 2021 | 17 min

The Strange World of "Good Enough" Fencing

5 augusti 2021 | 5 min

News & Analysis | No. 292

2 augusti 2021 | 24 min

Sustainable Content Creation

27 juli 2021 | 5 min

The Presenting Vendor Paradox

26 juli 2021 | 3 min

News & Analysis | No. 291

26 juli 2021 | 27 min

News & Analysis | No. 290

19 juli 2021 | 17 min

News & Analysis | No. 289

12 juli 2021 | 18 min

News & Analysis | No. 288

6 juli 2021 | 14 min

News & Analysis | No. 287

1 juli 2021 | 19 min

News & Analysis | No. 286

21 juni 2021 | 14 min

News & Analysis | No. 285

14 juni 2021 | 9 min

News & Analysis | No. 284

7 juni 2021 | 20 min

News & Analysis | No. 283

1 juni 2021 | 26 min

News & Analysis | No. 282

24 maj 2021 | 25 min

News & Analysis | No. 281

18 maj 2021 | 23 min

News & Analysis | No. 280

10 maj 2021 | 24 min

News & Analysis | No. 279

3 maj 2021 | 21 min

News & Analysis | No. 278

26 april 2021 | 12 min

News & Analysis | No. 277

19 april 2021 | 28 min

News & Analysis | No. 276

12 april 2021 | 26 min

News & Analysis | No. 275

5 april 2021 | 26 min

Interview: Amir Majidimehr, Audiophile Industry Disruptor

2 april 2021 | 72 min

News & Analysis | No. 274

29 mars 2021 | 20 min

The Consumer Authentication Strength Maturity Model (CASMM)

25 mars 2021 | 13 min

News & Analysis | No. 273

22 mars 2021 | 21 min

News & Analysis | No. 272

16 mars 2021 | 22 min

News & Analysis | No. 271

8 mars 2021 | 29 min

News & Analysis | No. 270

1 mars 2021 | 24 min

News & Analysis: No. 269

22 februari 2021 | 44 min

News & Analysis | No. 268

15 februari 2021 | 28 min

News & Analysis | No. 267

8 februari 2021 | 36 min

News & Analysis | No. 266

1 februari 2021 | 23 min

News & Analysis | No. 265

25 januari 2021 | 27 min

What They Don’t Tell You About Being a Bounty Hunter or Content Creator

22 januari 2021 | 5 min

News & Analysis | No. 264

19 januari 2021 | 25 min

News & Analysis | No. 263

14 januari 2021 | 15 min

News & Analysis | No. 259

14 januari 2021 | 27 min

News & Analysis | No. 257

14 januari 2021 | 12 min

News & Analysis | No. 255

14 januari 2021 | 22 min

News & Analysis: No. 253

3 november 2020 | 21 min

News & Analysis | No. 251

19 oktober 2020 | 24 min

Operation Fortify: A US Ransomware Plan

15 oktober 2020 | 9 min

The Relationship Between Hardship, Struggle, and Meaning

15 oktober 2020 | 14 min

News & Analysis | No. 250

12 oktober 2020 | 27 min

News & Analysis | No. 249

5 oktober 2020 | 22 min

News & Analysis | No. 248

28 september 2020 | 17 min

Why Creators Should Move to Direct Support Monetization

24 september 2020 | 12 min

No, Changing Your SSH Port Isn't Security by Obscurity

23 september 2020 | 13 min

News & Analysis | No. 247

21 september 2020 | 20 min

Book Summary | Naked Statistics, by Charles Wheelen

16 september 2020 | 23 min

News & Analysis | No. 246

14 september 2020 | 26 min

Book Summary | Atomic Habits, by James Clear

10 september 2020 | 16 min

News & Analysis | No. 245

8 september 2020 | 25 min

News & Analysis | No. 244

31 augusti 2020 | 18 min

News & Analysis | No. 243

24 augusti 2020 | 26 min

News & Analysis | No. 242

17 augusti 2020 | 24 min

News & Analysis | No. 241

10 augusti 2020 | 25 min

News & Analysis | No. 240

4 augusti 2020 | 16 min

Unsupervised Learning: No. 239

27 juli 2020 | 10 min

Unsupervised Learning: No. 238

21 juli 2020 | 29 min

Our Lighted Path to Totalitarianism

16 juli 2020 | 14 min

Unsupervised Learning: No. 237

13 juli 2020 | 15 min

Searching for the Ultimate Obstacle to Creativity

7 juli 2020 | 18 min

Unsupervised Learning: No. 236

6 juli 2020 | 28 min

Unsupervised Learning: No. 235

29 juni 2020 | 19 min

Unsupervised Learning: No. 234

21 juni 2020 | 20 min

The Dark Web Has Nothing on Data Brokers

15 juni 2020 | 8 min

Unsupervised Learning: No. 233

15 juni 2020 | 20 min

The Problem With Extracted Versions of Things

12 juni 2020 | 6 min

Unsupervised Learning: No. 232

8 juni 2020 | 33 min

Unsupervised Learning: No. 231

1 juni 2020 | 18 min

Unsupervised Learning: No. 230

25 maj 2020 | 24 min

Analysis of the 2020 Verizon Data Breach Report

20 maj 2020 | 11 min

Unsupervised Learning: No. 229

18 maj 2020 | 19 min

Unsupervised Learning: No. 228

12 maj 2020 | 17 min

Unsupervised Learning: No. 227

4 maj 2020 | 20 min

Unsupervised Learning: No. 226

28 april 2020 | 21 min

A Conversation with Renée DiResta: Disinformation and Conspiracy Propagation

22 april 2020 | 66 min

Unsupervised Learning: No. 225

21 april 2020 | 15 min

Unsupervised Learning: No. 224

14 april 2020 | 20 min

Unsupervised Learning: No. 223

7 april 2020 | 16 min

A Conversation With Leif Dreizler About Security Engineering at Segment

2 april 2020 | 55 min

Unsupervised Learning: No. 222

30 mars 2020 | 34 min

Unsupervised Learning: No. 221

24 mars 2020 | 26 min

Unsupervised Learning: No. 220

17 mars 2020 | 20 min

Unsupervised Learning: No. 219

9 mars 2020 | 13 min

Unsupervised Learning: No. 218

2 mars 2020 | 14 min

Unsupervised Learning: No. 217

24 februari 2020 | 19 min

Unsupervised Learning: No. 216

20 februari 2020 | 14 min

A Conversation With General Earl Matthews on Election Security

15 februari 2020 | 39 min

Unsupervised Learning: No. 215

10 februari 2020 | 14 min

Unsupervised Learning: No. 214

4 februari 2020 | 28 min

Unsupervised Learning: No. 213

27 januari 2020 | 18 min

Unsupervised Learning: No. 212

21 januari 2020 | 22 min

Unsupervised Learning: No. 211

13 januari 2020 | 18 min

Visibility and Understanding Create Both Tools and Weapons

12 januari 2020 | 6 min

Unsupervised Learning: No. 210

8 januari 2020 | 13 min

Unsupervised Learning: No. 209

30 december 2019 | 15 min

Unsupervised Learning: No. 208

23 december 2019 | 15 min

Unsupervised Learning: No. 207

17 december 2019 | 29 min

Unsupervised Learning: No. 206

9 december 2019 | 22 min

Unsupervised Learning: No. 205

2 december 2019 | 34 min

Unsupervised Learning: No. 203

18 november 2019 | 18 min

Unsupervised Learning: No. 202

11 november 2019 | 14 min

Unsupervised Learning: No. 201

4 november 2019 | 20 min

Unsupervised Learning: No. 200

28 oktober 2019 | 18 min

Unsupervised Learning: No. 199

21 oktober 2019 | 18 min

Unsupervised Learning: No. 198

14 oktober 2019 | 18 min

Unsupervised Learning: No. 197

7 oktober 2019 | 24 min

Unsupervised Learning: No. 196

30 september 2019 | 25 min

Unsupervised Learning: No. 195

23 september 2019 | 26 min

Unsupervised Learning: No. 194

15 september 2019 | 24 min

Unsupervised Learning: No. 193

8 september 2019 | 22 min

Unsupervised Learning: No. 192

2 september 2019 | 35 min

Unsupervised Learning: No. 191

26 augusti 2019 | 26 min

The Difference Between Data, Information, and Intelligence

19 augusti 2019 | 5 min

Unsupervised Learning: No. 190

19 augusti 2019 | 23 min

Unsupervised Learning: No. 189

13 augusti 2019 | 8 min

Unsupervised Learning: No. 188

29 juli 2019 | 19 min

Humans Are Genebots

26 juli 2019 | 8 min

Machine Learning Doesn’t Introduce Unfairness—It Reveals It

25 juli 2019 | 9 min

Unsupervised Learning: No. 187

22 juli 2019 | 35 min

Lots of people in the security community went silly over the FaceApp application last week, basically saying that you shouldn't be using the application because they'll steal your face and then be able to impersonate you. Oh, and then it turned out to be a Russian company who put out the application, and that made it 100x worse. The problem here is the lack of Threat Model Thinking. When it comes to election security, propaganda discussions, etc., I am quite concerned about Putin's willingness and ability to harm our country's cohesion through memes and social media. But that does not extend to some random company stealing faces. Why? Because before you can get legitimately concerned about something, you have to be able to describe a threat scenario in which that thing becomes dangerous. As I talked about in this piece, pictures of your face are not the same as your face when it comes to biometric authentication. There's a reason companies need a specific device, combined with their custom algorithm, in order to enroll you in a facial identification system. They scan you in a very specific way and then store your data (which is just a representation, not your actual face) in a very specific way. Then they need to use that same exact system to scan you again, so they can compare the two representations to each other. That isn't happening with random apps that have pictures of you. And even if that were the case, they could just get your face off your social media, where those same people who are worried are more than happy to take selfies, put their pictures on profile pictures, and make sure as many people see them as possible. There are actual negative things that can be done with images (like making Deepfakes of you), and that will get easier over time, but the defense for that is to have zero pictures of you…anywhere. And once again you have to ask who would be doing that to you, and why. Bottom line: authentication systems take special effort to try to ensure that the input given is the same as the enrollment item, e.g., (face, fingerprint, etc.), so it will not be easy any time soon to go from a random picture to something that can full a face scanner or fingerprint reader at the airport. People reading this probably already know this, but spread the word: threat modeling is one of our best tools for removing emotion from risk management.

A contractor named SyTech that does work with Russian FSB has been breached, resulting in the release of 7.5TB of data on the FSB's various projects. This is obviously embarrassing for SyTech and the FSB, but the leaked projects focused on de-anonymization, spying on Russian businesses, and the project to break Russia away from the Internet, which are all known and expected efforts. So there don't seem to be any big reveals as a result of the leak. More

Someone discovered that a bunch of browser extensions were reading things they shouldn't be, and sending them out to places they shouldn't be. This is not surprising to me. Chrome extensions are like Android apps, which should tell you all you need to know about installing random ones that seem interesting. My policy on browser extensions is extremely strict for this reason. People need to understand how insane the entire idea of the modern web is. We're visiting URLs that are executing code on our machines. And not just code from that website, but code from thousands of other websites in an average browsing session. It's a garbage fire. And the only defense really is to question how much you trust your browser, your operating system, and the original site you're visiting. But even then you're still exposing yourself to significant and continuously-evolving risk when you run around clicking things online. And the worst possible thing you can do in this situation is install more functionality, which gives more parties, more access, to that giant stack of assumptions you're making just by using a web browser. The best possible stance is to have as few people possible with access to your particular dumpster. And that means installing as few highly-vetted add-ons as possible. More

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Time Speeds Up When You’re Wasting It

20 juli 2019 | 5 min

Unsupervised Learning: No. 186

15 juli 2019 | 21 min

Unsupervised Learning: No. 185

8 juli 2019 | 22 min

The Telegraph has found strong links between Huawei employees and Chinese intelligence agencies. The Huawei counter was that this was extremely common among telecom companies, and that it wasn't a big deal. The counter to that counter was, basically, "Well, then why did you try to hide it?" /gg More

The NPM security team caught a malicious package designed to steal cryptocurrency. A lot of these packages work by uploading something useful, waiting until it's used by lots of people, and then updating it to have the malicious payload. My buddy Andre Eleuterio did the IR on the situation there at NPM, and said they're constantly improving their ability to detect these kinds of attacks. Luckily NPM's security team had the talent and tooling to detect such a thing, but think of how many similar companies aren't so equipped. I think any team that's part of a supply chain should be thinking about this type of attack very seriously. More

Federal agents are mining state DMV photos to feed their facial recognition systems, and they're doing it without proper authorizations or consent. To me this has always been inevitable because—as Benedict Evans pointed out—it's a natural extension of what humans already do. You already have wanted posters. You already have known suspects lists. And it's already ok for any citizen or any cop to see any person on that list and report them. In fact it's not just possible, it's encouraged. So the only thing happening here is that process is becoming a whole lot more aware (through more sensors), and therefore more effective. Of course, any broken algorithms that identify the wrong people, or automatically single out groups of people without actual matches, those issues need to be snuffed out for sure. But we can't expect society to not use superior machine alternatives to existing human processes, such as identifying suspects in public. That just isn't realistic. Our role as security people should be making sure these systems are as accurate as possible, with as little bias as possible, by the best possible people. In other words, we should spend our cycles improving reality, not trying to stop it from happening. More

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

The World is Collapsing Into Two Countries—Green and Red

3 juli 2019 | 8 min

Unsupervised Learning: No. 184

1 juli 2019 | 19 min

Unsupervised Learning: No. 183

24 juni 2019 | 13 min

Unsupervised Learning: No. 182

18 juni 2019 | 11 min

Unsupervised Learning: No. 181

11 juni 2019 | 25 min

Grit is the Ultimate Privilege

8 juni 2019 | 6 min

Why Software Remains Insecure

6 juni 2019 | 4 min

Unsupervised Learning: No. 179

28 maj 2019 | 17 min

The Deepfakes thing is already starting to have an impact, and it didn't even involve actual Deepfake (GAN ML) technology. A video was spread of Nancy Pelosi speaking very slowly and seeming to stumble over her words, which made her look quite bad. The video was virally shared throughout social media on the right. Problem is, it was intentionally slowed down to make her look old/stupid/crazy. What this shows us is that it's not the machine learning that makes Deepfakes dangerous; it's the willingness of a massive percentage of the US population to believe total garbage without an ounce of scrutiny. It doesn't matter if Deepfakes can be shown to be fake because people are matching evidence to their emotions, not the other way around. The vulnerability is our ignorance and cynicism, not a spoofing technology. And as I wrote about a couple of years ago, this will be used as a weapon against us. More Essay

A real estate insurance website for First American Financial Corp was vulnerable to a simple IDOR (where you change the account number in the URL to get another account), and it evidently resulted in the exposure of hundreds of millions of insurance records that included extremely sensitive information. IDOR is still one of the most common and dangerous vulns a web app can have, and for companies like this they can be devastating. More

The US Military is trying to learn how popular movements form and evolve, and to do so they're studying 350 billion social media messages. But it's a Bloomberg article, so maybe they're actually studying bullfrogs for clues about hypertension. More

Moody's has downgraded Equifax's rating in some significant part due to its 2017 cyber breach. This is noteworthy because until now, breaches have largely been spackled over in terms of the major financial perspective and at the 6-24 month timescale. This is a positive indication that companies could actually start taking cybersecurity more seriously, and not just at the CISO and IT level, but from the boardroom down. More

Advisories: TP-Link Routers

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Unsupervised Learning: No. 178

24 maj 2019 | 23 min

Unsupervised Learning: No. 177

14 maj 2019 | 23 min

Finding Clarity on the Exodus of the New Left

4 maj 2019 | 11 min

Unsupervised Learning: No. 175

1 maj 2019 | 37 min

A Political Discussion with Jeremiah Grossman

14 april 2019 | 106 min

Unsupervised Learning: No. 173

14 april 2019 | 25 min

Unsupervised Learning: No. 171

1 april 2019 | 19 min

Unsupervised Learning: No. 169

18 mars 2019 | 19 min

Unsupervised Learning: No. 167

3 mars 2019 | 34 min

Unsupervised Learning: No. 165

21 februari 2019 | 24 min

Unsupervised Learning: No. 163

4 februari 2019 | 17 min

An Overview of the OWASP IoT Top 10 for 2018

7 januari 2019 | 15 min

Unsupervised Learning: No. 159

7 januari 2019 | 28 min

Unsupervised Learning: No. 155

11 december 2018 | 16 min

Unsupervised Learning: No. 153

26 november 2018 | 15 min

Unsupervised Learning: No. 147

25 oktober 2018 | 12 min

Unsupervised Learning: No. 141

4 september 2018 | 59 min

Unsupervised Learning: No. 139

20 augusti 2018 | 18 min

Unsupervised Learning: No. 135

22 juli 2018 | 28 min

Unsupervised Learning: No. 133

11 juli 2018 | 35 min

Unsupervised Learning: No. 131

26 juni 2018 | 30 min

Unsupervised Learning: No. 129

12 juni 2018 | 11 min

Unsupervised Learning: No. 128

4 juni 2018 | 11 min

Unsupervised Learning: No. 127

29 maj 2018 | 10 min

Unsupervised Learning: No. 126

25 maj 2018 | 9 min

Unsupervised Learning: No. 125

18 maj 2018 | 12 min

If You’re Not Doing Continuous Asset Management You’re Not Doing Security

16 maj 2018 | 7 min

Unsupervised Learning: No. 120

9 april 2018 | 19 min

Unsupervised Learning: No. 119

2 april 2018 | 27 min

Unsupervised Learning: No. 116

13 mars 2018 | 17 min

Unsupervised Learning: No. 115

6 mars 2018 | 12 min

Unsupervised Learning: No. 113

20 februari 2018 | 52 min

Unsupervised Learning: No. 112

12 februari 2018 | 22 min

Unsupervised Learning: No. 111

5 februari 2018 | 14 min

Unsupervised Learning: No. 109

22 januari 2018 | 15 min

Unsupervised Learning: No. 107

8 januari 2018 | 30 min

The Biggest Advantage in Machine Learning Will Come From Superior Coverage, Not Superior Analysis

3 januari 2018 | 8 min

It's Wrong to Fear-monger on IoT Security

3 januari 2018 | 5 min

Unsupervised Learning: No. 106

3 januari 2018 | 28 min

Unsupervised Learning: No. 105

18 december 2017 | 24 min

Unsupervised Learning: No. 104

12 december 2017 | 26 min

Unsupervised Learning: No. 103

27 november 2017 | 29 min

Unsupervised Learning: No. 102

20 november 2017 | 26 min

Unsupervised Learning: No. 101

13 november 2017 | 35 min

Unsupervised Learning: No. 100

6 november 2017 | 23 min

Unsupervised Learning: No. 99

31 oktober 2017 | 29 min

InfoSec Needs to Embrace New Tech Instead of Ridiculing It

26 oktober 2017 | 6 min

The Difference Between Violence and Terrorism

26 oktober 2017 | 5 min

Unsupervised Learning: No. 98

23 oktober 2017 | 33 min

Unsupervised Learning: No. 97

16 oktober 2017 | 37 min

Unsupervised Learning: No. 96

11 oktober 2017 | 34 min

Unsupervised Learning: No. 95

2 oktober 2017 | 11 min

Unsupervised Learning: No. 94

25 september 2017 | 33 min

Unsupervised Learning: No. 93

18 september 2017 | 43 min

Unsupervised Learning: No. 92

11 september 2017 | 30 min

Unsupervised Learning: No. 91

4 september 2017 | 38 min

Unsupervised Learning: No. 90

28 augusti 2017 | 31 min

Unsupervised Learning: No. 89

20 augusti 2017 | 35 min

Unsupervised Learning: No. 88

15 augusti 2017 | 22 min

Unsupervised Learning: No. 85

10 juli 2017 | 26 min

Unsupervised Learning: No. 83

27 juni 2017 | 27 min

Unsupervised Learning: No. 82

12 juni 2017 | 20 min

Unsupervised Learning: No. 81

4 juni 2017 | 28 min

Unsupervised Learning: No 79

23 maj 2017 | 33 min

Unsupervised Learning: No. 78

14 maj 2017 | 31 min

Unsupervised Learning: No.76

2 maj 2017 | 18 min

Unsupervised Learning: No. 75

23 april 2017 | 35 min

Unsupervised Learning: No 74

17 april 2017 | 52 min

Unsupervised Learning: No 73

10 april 2017 | 76 min

Unsupervised Learning: No. 72

3 april 2017 | 63 min

Unsupervised Learning: No. 71

26 mars 2017 | 43 min

Unsupervised Learning: No. 70

20 mars 2017 | 25 min

Unsupervised Learning: No. 69

13 mars 2017 | 27 min

Unsupervised Learning: No. 68

6 mars 2017 | 38 min

Unsupervised Learning: No. 67

27 februari 2017 | 31 min

Unsupervised Learning: No. 66

21 februari 2017 | 29 min

Unsupervised Learning: No. 64

7 februari 2017 | 22 min

The Experience of Free Will is Not Free Will

1 februari 2017 | 6 min

Unsupervised Learning: No. 63

30 januari 2017 | 47 min

Unsupervised Learning: No. 62

22 januari 2017 | 28 min

Unsupervised Learning: No. 61

16 januari 2017 | 40 min

Gratitude is the Epicenter of Happiness

14 januari 2017 | 4 min

If You Believe Nothing You Can Be Convinced of Anything

13 januari 2017 | 12 min

Unsupervised Learning: No. 60

11 januari 2017 | 32 min

4 Things To Do in the First Week of Every January

27 december 2016 | 2 min

Unsupervised Learning: No. 58

19 december 2016 | 15 min

Unsupervised Learning: No. 57

12 december 2016 | 29 min

Unsupervised Learning: No. 56

5 december 2016 | 15 min

Unsupervised Learning: No. 55

28 november 2016 | 24 min

The Difference Between Threats, Threat Actors, Vulnerabilities, and Risks

27 november 2016 | 6 min

The Difference Between Existentialism, Nihilism, and Absurdism

22 november 2016 | 8 min

Stop Being Proud of Complexity

22 november 2016 | 4 min

Unsupervised Learning: No. 54

21 november 2016 | 15 min

Unsupervised Learning: No. 52

7 november 2016 | 41 min

Unsupervised Learning: No. 51

31 oktober 2016 | 61 min

Unsupervised Learning: No. 50

24 oktober 2016 | 37 min

Unsupervised Learning: No. 49

18 oktober 2016 | 48 min

Unsupervised Learning: Episode 46

27 september 2016 | 30 min

Unsupervised Learning: Episode 45

19 september 2016 | 57 min

Unsupervised Learning: Episode 44

11 september 2016 | 34 min

Unsupervised Learning: Episode 43

7 september 2016 | 42 min

Unsupervised Learning: Episode 42

1 september 2016 | 65 min

Unsupervised Learning: Episode 41

18 augusti 2016 | 34 min

Unsupervised Learning: Episode 40

31 maj 2016 | 55 min

Unsupervised Learning: Episode 39

14 maj 2016 | 24 min

Unsupervised Learning: Episode 38

2 maj 2016 | 45 min

Unsupervised Learning: Episode 37

25 april 2016 | 36 min

Unsupervised Learning: Episode 36

18 april 2016 | 21 min

Unsupervised Learning: Episode 35

11 april 2016 | 27 min

5 Increasingly Effective Ways to Achieve Immortality

7 april 2016 | 14 min

[ Subscribe to the Podcast: iTunes | Android | RSS ]

—

I think a lot about how to become immortal. More than I should, probably.

Many think it’s a waste of time. Everyone dies, and it’s foolish to think we can avoid it. This piece takes a different view, and describes a number of ways, with varying levels of requirement and effectiveness, one can either avoid dying or live on after death.

They’ll go from most practical to most effective.

1. Live On Through Your Children

This one is cheating a bit, mostly because you’re not actually becoming immortal.

But the fact remains that this does give many people (probably billions) a genuine feeling of lastingness, and that’s significant.

Again, I don’t really count it because it’s an extremely tenuous way of living on, but it deserves mention.

2. Live On Through Your Works

This one is kind of like the first, in that you’re not actually getting to continue living. So it’s a bit of a misnomer too.

What it deals with, however, can also provide a significant sense of contentment at the end of one’s life. Basically, if you leave behind works and ideas that will be used by significant numbers of people, for a significant period of time, you can think of this as living on.

It’ll take some sting off of dying, perhaps. But not much. You’re still dead.

3. Reconstruction Through Reproduction of Variables

Ok, now we’re getting into actual survivability.

This one works like this: either before you die, or after you are dead, an organization collects a series of inputs about you and uses them to create a working model of you.

Here are some of the input types:

* Your DNA (this is really important)
* Everything there is to know about where you grew up (what was happening in the world then, where you went to high school, what the major news events were, the major themes in culture and art, etc.)
* Everything there is to know about the people you grew up with
* All your personal, transformational experiences. This can be gathered from a myriad of sources, but your own description of the incidents will be key. It’ll also come from interviews with people who know those experiences and how they affected you
* Every piece of output you left behind, e.g. blog posts, Facebook posts, books, essays, schoolwork, letters, videos, whatever. They’re all harvested for evidence of who you are

Then, the system takes the environment data and models it against your DNA, which it got from a piece of hair or something. It runs your entire genome and determines how you would respond mentally to these various stimuli.

The output is a digital life form that is, as much as it can be, you. You now live in cyberspace somewhere, and you’re introduced to the fact that you were reconstructed using this method, and that you have this rich history, etc. You are you.

4. Preserving Your Brain to Be Put in Another Body in the Future

Another method for achieving comfort that you’ll continue to live after death is to have a reliable way to preserve your brain once you pass, with the belief that it’ll be either 1) put into another body later (not my favorite idea), or 2) it’ll be downloaded into a digital form to live permanently in cyberspace.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Unsupervised Learning: Episode 33

7 april 2016 | 38 min

T1SP: Episode 32

28 mars 2016 | 36 min

[ Subscribe to the Podcast: iTunes | Android | RSS ]

News

* [ ] Verizon Enterprise Solutions had a major data breach of their customer data. This is the group that handles breaches for their customers. “Virtually every attack in this data set (98 percent) was opportunistic in nature, all aimed at easy marks…”
* [ ] Iranians charged with attacks against US banks and a New York dam
* [ ] Hackers steal 81 billion from the Federal reserve bank of New York
* [ ] Uber launches bug bounty program, describes the surface area. Someone said it was really bad, though. Not sure what that’s about
* [ ] New ultra-fast SSD technology coming from Intel soon
* [ ] FBI backs off request for Apple backdoor. Says they have it handled. We find out it’s an Israeli company
* [ ] Water treatment plant hacked, chemical mix changed for tap supplies | http://www.theregister.co.uk/2016/03/24/water_utility_hacked/
* [ ] German steel mill compromised and wrecked a blast furnace
* [ ] This is after a string of attacks against power companies using spear phishing and office malware
* [ ] Microsoft’s AI Chatbot was a teenage girl, but it learned from the people who talked to it, so before long it was talking about loving incest, sex, and hitler
* [ ] Millions of Android devices vulnerable to root exploit due to Snapdragon chip flaw
* [ ] Kentucky-based Methodist Hospital declares state of emergency after it’s wrecked by Locky ransomware
* [ ] Credit Card Breaches Linked To Security Cameras
* [ ] Chinese national pleads guilty to stealing plans for Air Force aircraft
* [ ] Hackers offer Apple’s Ireland staff $23,000 for their login credentials
* [ ] Ransomware hitting major vulns: The Angler, Neutrino, Magnitude, RIG, and Nuclear exploit kits spread the Flash CVE 2015-7645 exploit; Angler spreads Flash 2015-8446; Angler and Neutrino spread Flash CVE 2015-8651; and Angler spreads Silverlight CVE-2016-0034, an exploit exposed in the Hacking Team breach.
* [ ] Microsoft Deploys Macro Blocking Feature in Office to Curb Malware

Ideas, updates, and discussion

* [ ] Innovation Sandbox | Innovative Security Products (2016 Edition)
* [ ] AI and messaging apps are the new mobile apps
* [ ] Human Attention as Attack Surface | https://danielmiessler.com/blog/human-attention-as-influence-attack-surface/
* [ ] Most can’t respond to breach: http://blogs.csc.com/2016/03/15/while-majority-of-orgs-fear-big-breach-theyre-not-prepared-to-respond/?utm_content=bufferc043c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
* [ ] How your data is collected and commoditized online by free online services | http://www.troyhunt.com/2016/03/how-your-data-is-collected-and.html

Tools, talks, and projects

* [ ] Innovation Sandbox | Innovative Security Products (2016 Edition)
* [ ] 2016 Data Breach Digest | https://danielmiessler.com/blog/analysis-verizons-2016-data-breach-digest/
* [ ] AI and messaging apps are the new mobile apps | https://danielmiessler.com/blog/ai-assistants-are-the-new-applications/
* [ ] Idea Expansion Format | https://danielmiessler.com/blog/idea-expansion-format-ief/
* [ ] BinDiff is a comparison tool for binary files that helps to quickly find differences and similarities in disassembled code.
* [ ] IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

T1SP: Episode 31

14 mars 2016 | 32 min

My Response to Sam Harris on the Apple Encryption Debate

28 februari 2016 | 36 min

[ Subscribe to the Podcast: iTunes | Android | RSS ]

[ UPDATE: Much credit to Sam for engaging in the conversation. I’m not sure how people claim he’s closed on this topic when he is clearly open to exploring it. ]

I don't agree with all of it. But this is a very good response to my remarks about encryption. https://t.co/rMl8zgtuWN @danielmiessler— Sam Harris (@SamHarrisOrg) February 28, 2016

—

I’ve been planning on doing a podcast episode on the Apple encryption debate for some time, but I was unsure of the format I should use.

This problem was just solved for me when I listened to Sam Harris—who is someone I respect greatly—miss the mark significantly in a recent podcast.

The thing that compelled me to respond was the fact that I don’t often disagree with Sam. His logic is usually impeccable, and we often end up with nearly identical opinions.

So it was somewhat surreal to hear him be wrong about something. Or at least disagree with me (which, of course, may not be the same thing).

Anyway, being in information security myself I felt like a response was important.

This essay takes the form of a retort to his comments, followed by my own points and then a summary.

Sam’s points

[ The points are summarized, by the way, not necessarily exact quotes. ]

* Apple built the lock, but didn’t build the key, and now they’re telling us that building the key would put us all at risk. Self-serving abdication of responsibility.
* Community in tech swayed by Snowden. Even when the government gets a court order, they think they shouldn’t give access
* Gives cases where text messages could have helped solve a murder, but the texts are unread because the iPhone is unbreakable. Imagine being a family member!
* Could someone build an impregnable room inside their own house?
* What if you could take a drug that could make your DNA unanalyzable? So you could never be linked to any crime. The only people who would benefit would be criminals!
* Apple could maintain the backdoor and it’d be fine, just like banks have your banking information. They’re trading on paranoia.

My responses

[ NOTE: This will come in the form of a podcast, which I may still record. I wrote it largely in the voice of a spoken conversation. ]

First, let’s start with where we agree.

You speak of a “Cult of Privacy”, where people are blindly saying that Snowden did nothing wrong whatsoever, that he didn’t set a dangerous precedent, that any violation of privacy in any case is always bad, etc., etc.

I absolutely agree with you that this is not an intelligent way to understand and discuss current events.

But there’s another cult on the other side, and it’s one that you’re coming dangerous close to membership in. And that’s “The Cult of Safety”. This one works like this: If there is any situation in which some amount of data could be used to help learn where a kidnapped girl is, or where a terrorist’s bomb will detonate, then it’s within the rights of a government to legally seize ...

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

T1SP: Episode 29

23 februari 2016 | 19 min

[ Subscribe to the Podcast: iTunes | Android | RSS ]

News

* [ ] Apple calls out FBI on iPhone decryption case
* [ ] Trump calls for a boycott of Apple, from an iPhone
* [ ] Judge Rules FBI Must Reveal Malware It Used to Hack Over 1,000 Computers
* [ ] Wow. Someone hacked @linuxmint’s website and replaced ISOs with backdoored version today http://blog.linuxmint.com/?p=2994
* [ ] This affects a universally used library (glibc) at a universally used protocol (DNS). Generic tools that we didn’t even know had network surface (sudo) are thus exposed, as is software written in programming languages designed explicitly to be safe. ~ Dan Kaminsky
* [ ] Mint Forum Hacked, website compromised, fake downloads posted
* [ ] TeslaCrypt now targeting Joomla sites as well as WordPress
* [ ] Hollywood Hospital pays 17K to decrypt files; hope they cleaned up afterwards otherwise they’ll be paying rent
* [ ] Patch your vServer; RCE flaw
* [ ] Power grid honeypot by MalCrawler

Ideas, updates, and discussion

* [ ] The San Bernadino health department changed the iCloud password (at the FBI’s request) after having the device for just a few hours
* [ ] The FBI didn’t have the other two phones, which were destroyed
* [ ] The implications for data security if US companies are told the government must be able to get in is that US citizens will soon be told that they cannot create, purchase, or use tech that is locked down in this way
* [ ] There’s another way to the iPhone data: https://threatpost.com/delicate-hardware-hacks-could-unlock-shooters-iphone/116388/ via @IOActive

Tools, talks, and projects

* [ ] Bitquark is releasing some subdomain research; will be added to SecLists
* [ ] Log.io web interface for looking at log files | http://www.tecmint.com/linux-server-log-monitoring-with-log-io/
* [ ] Lobotomy: Automate Android assessment and reversing | https://n0where.net/android-security-toolkit-lobotomy/
* [ ] SSLyze: https://n0where.net/fast-and-full-featured-ssl-scanner-sslyze/
* [ ] SELKS: Full NSM with Suricate and rule manager | https://www.stamus-networks.com/downloads/

Announcements

* [ ] I’ll be at the IOAsis at RSA next week; come by and say hello

Miscellaneous

* [ ] War-games movie prompted Reagan to take cybersecurity action | http://www.nytimes.com/2016/02/21/movies/wargames-and-cybersecuritys-debt-to-a-hollywood-hack.html

[ Subscribe to the Podcast: iTunes | Android | RSS ]

Notes

* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

T1SP: Episode 28

15 februari 2016 | 42 min

T1SP: Episode 27

2 februari 2016 | 23 min

T1SP: Episode 26

25 januari 2016 | 49 min

T1SP: Episode 25

19 januari 2016 | 26 min

[ Subscribe to the Podcast: iTunes | Android | RSS ]

News

* [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet
* [ ] SSH backdoor found in Fortinet firewalls
* [ ] SSH client vulnerability
* [ ] Australia’s Cybercrime Online Reporting Network (ACORN) received over 39K reports of criminal activity in 2015
* [ ] Hyatt names 250 hotels hit by malware, includes the one for DerbyCon
* [ ] Web sense rebranding as Forepoint, acquires Intel’s firewall business
* [ ] Twitter might be ending its 140 character limit
* [ ] Major vulns still being found in Health and Fitness mobile apps
* [ ] Angler exploit kit continues to evade detection
* [ ] LostPass attack is a phishing email attack that works against LastPass (showed at Shmoocon this weekend)
* [ ] Virus just took down the Melbourne Health computer system
* [ ] Lastpass has found a workaround for the LostPass attack
* [ ] A bit match fixing problem has been found in Tennis
* [ ] Trustwave is being sued by Affinity for supposedly missing an second hack that was going on while they were there to fix an initial hack

Ideas, updates, and discussion

* [ ] IR is messy and dangerous; assume compromise; assume continued compromise; be extremely careful saying that things were contained; if you’re not Mandiant you’re probably not doing a great job
* [ ] Smartphone encryption and the gun debate: same coin? ISIS supposedly has its own encryption app. What next, make murder illegal?

Tools, talks, and projects

* [ ] FIR – Fast Incident Response Management Platform
* [ ] DIVA damn insecure and vulnerable Android app
* [ ] Kill Chain for Kali Linux 2.0 : recon, weaponization, delivery, exploit, installation, c2, actions
* [ ] EZ-Wave: exploiting Z-Wave networks using SDR
* [ ] GoPhish: open source phishing framework
* [ ] V3n0m SQLi scanner
* [ ] VScan : uses NSE scripts to find vulns
* [ ] SleepyPuppy Burp Extension
* [ ] DBDAT — Database Assessment Tool — https://github.com/foospidy/DbDat

Announcements

* [ ] Speaking at AppSec Cali next week (Tuesday) on ATM
* [ ] Shmoocon hiring list: http://www.room362.com/2016/01/2016-shmoocon-hiring-list.html

Miscellaneous

* [ ] Great security news source: https://security.didici.cc/news
* [ ] Thanks to Tripwire for giving a shoutout to the podcast on Twitter

[ Subscribe to the Podcast: iTunes | Android | RSS ]

Notes

* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

T1SP: Episode 24

11 januari 2016 | 28 min

[ Subscribe to the Podcast: iTunes | Android | RSS ]

News

* [ ] Norse lays of 20 people; not clear what percentage that is; threat intel not going so well?
* [ ] OPM declines to release details on its big breach
* [ ] Juniper says it’s going to remove the code that it thinks was developed by the NSA to eavesdrop on traffic
* [ ] CVE details lists (OS X, iOS, Flash, Air, IE, Chrome, Firefox) as the software with the most issues
* [ ] GM is going to do a bug bounty
* [ ] The Hacker Manifesto turned 30 (My crime is that of curiosity)
* [ ] Sophos Home free for Windows and Mac users
* [ ] SF Yellowcab filling for bankruptcy
* [ ] Hackers shut down Ukraine power grid; evidently a malicious word doc sent via email; supposedly the Sandworm Team
* [ ] Bicycle Attack on TLS: https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
* [ ] North Korea evidently detonated a hydrogen bomb
* [ ] Time warner customers lose email passwords (320K)
* [ ] Microsoft killing off IE 8, 9, and 10 on January 12th
* [ ] VTech launching new product line after it got hacked and leaked data on 6 million kids
* [ ] Big Flash player update, 0-day and 18 other issues

Ideas, updates, and discussion

* [ ] Back to Ubuntu from CentOS
* [ ] Sick for five weeks
* [ ] Ikigai (what you love, what the world needs, what you can be paid for, what you are good at)
* [ ] Giving books as gifts

Tools, talks, and projects

* [ ] TOWER-SEC protecting ECUs and Telematics on cars
* [ ] AppSensor project; Detection points: https://www.owasp.org/index.php/AppSensor_DetectionPoints
* [ ] Where the Science is Taking Us in Cybersecurity, Dan Geer
* [ ] Rapid7 Hackazon app (modern)
* [ ] DVNA (Damn vulnerable Node Application)
* [ ] Argon2 password hashing algorithm
* [ ] Dradis
* [ ] Kippo SSH honeypot

[ Subscribe to the Podcast: iTunes | Android | RSS ]

Notes

* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
* It’s better to listen via iTunes or with the player embedded above, but you can also download the sound file directly.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

T1SP: Episode 23

4 januari 2016 | 55 min

[ Subscribe to the Podcast: iTunes | Android | RSS ]

News

* [ ] Juniper backdoor; could have been found with diff; signs point to NSA
* [ ] RCE on FireEye appliances
* [ ] Hyatt got hacked; malware on POS
* [ ] 45K drones registered with FAA within 2 days
* [ ] Industry moving towards password-free logins; still single factor, now the factor is your device; although access to device could require factors
* [ ] Microsoft will now tell you if your account has been targeted by government authorities
* [ ] Tor announced it’s doing a bug bounty, looks like it’ll be internal
* [ ] Steam had a DoS that revealed 34K user details
* [ ] Linode has been suffering a massive DDoS on its datacenters, DNS infrastructure
* [ ] Spy files found in North Korea’s Operating System

Ideas, updates, and discussion

* [ ] 3 things you should do every January
* [ ] Web Scanner Series: Burp vs. Netsparker
* [ ] When you’re interviewing, make sure you make it clear that you’re the asset too, not just them
* [ ] Failing at the basics in intelligence and infosec
* [ ] Why Trump is Winning
* [ ] Sensitive data sent in URL over HTTPS
* [ ] Difference between correlation and causation
* [ ] Paul Graham’s REFRAGMENTATION post
* [ ] The relationship between Relaxation, Fun, and Performance
* [ ] Michael Coates makes the argument that false negatives are way better than false positives because false positives create unnecessary work for his team
* [ ] Brainstorm questions, not solutions

Tools and projects

* [ ] BLUTO
* [ ] Serpico
* [ ] Firmware Extraction from Craig Smith
* [ ] Vulnerability Database Resources
* [ ] IoT Attack Surfaces Project
* [ ] RobotsDisallowed Project
* [ ] Nowhere.net (CyberPunk)
* [ ] EyeWitness
* [ ] REST Security Cheat Sheet
* [ ] Censys.io
* [ ] GithubDorks
* [ ] InstaRecon (DNS lookups, whois, shodan, google dorks, etc)
* [ ] twfactorauth.org

Announcements

* [ ] Speaking at OWASP Cali end of January
* [ ] Currently working on an ICS / SCADA primer

Miscellaneous

* [ ] Need to check out the Benedict Evans blog
* [ ] Serial Podcast / Making a Murderer on Netflix
* [ ] If you know any Army veterans who are getting out and want to get into InfoSec, let me know
* [ ] Twitter account: CISSP Googling
* [ ] Sam Altman (Startup Playbook)

[ Subscribe to the Podcast: iTunes | Android | RSS ]

Notes

* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Security and Obscurity

13 december 2015 | 10 min

T1SP: Episode 21

13 december 2015 | 18 min

Take 1 Security Podcast: Episode 20

7 december 2015 | 24 min

Corporations Don't Want Employees

17 november 2015 | 4 min

Take 1 Security Podcast: Episode 19

16 november 2015 | 31 min

Topics for this episode:

News and analysis

* [ ] A couple of months into my job with IOActive
* [ ] Paris Attacks: resilience vs. prevention
* [ ] Updating the OWASP IoT Project (no longer the Top 10) It’s an umbrella project.
* [ ] Adding to the IoT project the SCADA Top 10 List (read the list), and Nabil Ouchn is going to be project leader on that project
* [ ] Pentagon farms coding to Russia
* [ ] Crypto email service pays ransom, gets taken out anyway
* [ ] Blackout Europe shows vulnerabilities in LTE. Forced leak of location within 2-KM radius. Were also able to block LTE and force 3G or 2G.
* [ ] Onapsis talks SAP HANA vulnerabilities. They’re config issues, and aren’t patchable, and include: remote file writes, remote directory deletions, moving files to where they can be access remotely, remote command execution, and remote python execution. To fix, you have to upgrade to the latest version and reconfigure your system. Also two issues with the database that allow HTTP RCE and SQL RCE.
* [ ] TPP : how did we even get an agreement that was secret in the first place. Forget the details. This should never be allowed to happen again
* [ ] Linux ransomware now hitting websites (broken by Brian Krebs)
* [ ] Linux.Encoder.1 has a predictable key for its ransomware, and a tool was released to decrypt victims’ systems. Good to know that even attackers make dumb encryption implementation mistakes.
* [ ] Visio smart tracking turned on for 10 million users. Here was the pitch “revolutionary shift across all screens that brings measurability, relevancy and personalization to the consumer like never before!”
* [ ] Ring-0 theory of devops: history of the o-ring. Small thing that everything else depends on. for serial tasks you need A players to have an A process. As you lower the whole thing tumbles down
* [ ] The Chinese Great Cannon: so we know about the Great Firewall, now learn about the Great Cannon
* [ ] Must read article: What ISIS Really Wants, by the Atlantic
* [ ] Two must follows: Gunnar Peterson, and Benedict Evans. Gunnar is brilliant in security, and Benedict works for Adresesen Horowitz

Updates and announcements

* Hit me up at IOActive if you have any security consulting needs.

Notes

* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
* It’s better to listen via iTunes or with the player embedded above, but you can also download the sound file directly.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Take 1 Security Podcast: Episode 18

25 augusti 2015 | 27 min

Mr. Robot Episode 3 Review

19 juli 2015 | 19 min

[ NOTE: There are spoilers below, not just for this episode but for the show in general. ]

Enough people have asked me to start doing reviews of Mr. Robot episodes that I’m going to have a go at it. The deciding factor was the fact that I had such a strong desire to write during the third episode.

I’m going to start here with thoughts on the show in general, not just on episode 3.

Mr. Robot in general

The character

The main protagonist is an interesting character. He is what the writer evidently wants to capture, or actually believes to be, the template for a true hacker, which is highly damaged.

I am quite struck with the focus that is placed on how truly messed up he is. He has major drama with the way his father was killed. He largely hates society. He has deep personal depression. And he’s a user of narcotics.

I’m left thinking along the lines of a Hemingway type of artist, where the best creativity (in this case hacking) comes from those wo are the most tortured internally. Painters, musicians, etc. We’re familiar with the template.

This redeeming qualities, which the writers take equal efforts to highlight, are the desire to protect people, his love for the blonde girl, and a general but understated willingness to fight back against the soul-crushing force of our modern, consumerist society.

I really enjoy how he is only actually going to see his psychiatrist because he’s trying to help her, and if she’s actually going to help him it’ll kind of be on accident.

He deeply analyzes people and sees if they’re good, or weak, or in need of help, and then if they are he kind of hates them less because of this. And he is willing to use his superpowers to help them as a result, like when he pushed that guy out of his psychiatrist’s life.

The tech

Before going into the various problems, it must be said that the information security writing has been exemplary. I’d say definitely the best we’ve seen in either movies or “television” (whatever that is).

That said, there are a number of missing links in the armor.

On one of the first episodes, possibly the first, I noticed an IP address with a final octet in the 300’s. That’s just an editing miss, but it did take me out of the fantasy.

In Episode 2, which I generally didn’t like, I was quite bothered by the destruction scene. Here’s what I think happened there. They wanted to do a destruction scene, they had it all rigged up, and they wrote the story so that he’d do a quick hack and then get spooked enough to do it.

Then they show the infosec writer(s) the story component and they’re like,

Um, no. There’s no way anyone of this skill level would be hacking from his actual IP address.

And they’re like,

Well, we need to do this scene. Most people will miss that, and the scene will be cool enough to make up for it.

So the writer stomps out of the room mumbling about how they shouldn’t have hired him for authenticity if they were going to make such obvious mistakes, and they go with it.

Who knows if that really happened, but that’s how I imagine it.

Comments on modern society

I also find the comments on modern society to be quite interesting. I think it’s a big part of the whole hacker feel.

Hackers have always had this component to their mystique. Being counter-culture. Being underground. Fighting against the man. So the idea that everything is a conspiracy with the rich exploiting the poor, the strong exploiting the weak, and everything being about selling advertising and the dominance o...

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Take 1 Security Podcast: Episode 17

12 juli 2015 | 26 min

Take 1 Security Podcast: Episode 16

7 juli 2015 | 7 min

Take 1 Security Podcast: Episode 15

29 juni 2015 | 14 min

Take 1 Security Podcast: Episode 14

15 juni 2015 | 23 min

Take 1 Security Podcast: Episode 13

12 juni 2015 | 43 min

Take 1 Security Podcast: Episode 12

8 april 2015 | 14 min

Take 1 Security Podcast: Episode 11

30 mars 2015 | 17 min

Play Podcast

START CONTENT

* Twitch, a game streaming service owned by Amazon, was hacked last week

* Passwords, emails, usernames, addresses, phone numbers, dates of birth
* Amazon bought them last year for almost 1 billion dollars

* Bar Mitzvah attack on TLS

* Requires that you can sniff traffic
* Basically an RC4 problem
* Solution is to remove it from your supported algorithms

* GitHub Has been hit by a massive DDoS attack

* Apparently from China

* CSRF vulnerability found in a wind turbine

* Allowed you to pull usernames and passwords
* Also allowed the password to be changed for the default user, which had admin access

* CSRF vulnerability exposes Hilton customer accounts

* There was an account rotation issue where you could gain access to their account as long as you could guess their 9-digit username

* Snowden says IT workers now the targets of spies

* They’re not going after their information, but to use them for access to networks

* Premera hacked on same day as Blue Cross (January 29th)

* Same story: encryption, know your network, etc.
* Also same story: health data is harder to clean up from because it involves PII that cannot easily be changed
* More speculation around these attacks is that they’re data gathering for larger attacks on government networks

* Apple Acquires FoundationDB

* Fast NoSQL database probably to be used for its increasing entry into the services market

* Researchers use heat to breach air-gapped systems

* Everyone knows that an airgap is the best defense
* Ben-Gurion University came out with BitWhisper
* Now bidirectional using malware on both systems that controlled heat creation and detection
* Only 8-bits per hour

* BioCatch, Zumigo, Alibaba release tools to identify users

* I used to work with a technology called BioPass
* Uses what you do with your mouse, scrolling, how you smile via selfie, compares habits, your current location, etc. Similar to existing fraud detection just with more data points
* Really cool tech, needs to be used with the right authentication level

* Korea investing 5B in IoT and Smart Cars
* Bring Your Own IoT

* Recording audio and video are getting increasingly easy
* Sensitive meetings might become dead zones soon, and perhaps even sensitive work areas
* Some people will say that we already have this risk, but they key is the ease with which it can be done

END CONTENT

Play Podcast

Notes

* I skipped a week due to travel in Asia.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Take 1 Security Podcast: Episode 10

16 mars 2015 | 22 min

Play Podcast

START CONTENT

* There was another SQL Injection bug found in SEO by Yoast

* It required admins to click a malicious link
* Was patched quickly
* It’s the plugins that make WordPress vulnerable

* Attackers are targeting gamers for ransomware

* Virlock is one version of ransomware that not only locks the screen, but infects files
* It’s also polymorphic, so it changes itself every time it runs
* TeslaCrypt goes after gamers, which seems super smart because they are often addicted

* The Hello Barbie doll is recording kids voices and sending the recordings over the Internet for voice recognition

* I get asked a lot about what to do about this kind of stuff
* Start by making a list of everything that can record voice or audio in your home, and determine what kind of controls you have on them
* Assume the worst, even though it’s probably not that bad

* US industrial systems attacked 245 times between October 2013 and September 2014

* Most attacks were against Critical Manufacturing and Energy
* Biggest vectors were spear phishing and port scanning

* CloudFlare aims to defeat DDoS with Virtual DNS

* They want to proxy DNS before it hits customer name server

* The CIA supposedly tried to hack Apple hardware

* The article has come under extreme scrutiny

* Going to be on the Security Weekly podcast with Pau
* Hillary Clinton’s email account dram
* OpenSSL is getting an audit

* Bout time

* Wikimedia is suing the NSA over surveillance
* Spoofing the boss is the best way to phish someone, evidently
* Had a great time at CactusCon in Phoenix

* Did a talk with Jason and saw Dave’s keynote
* Dave’s keynote was about struggling with the basics, not APT
* He asked when a major breach was NOT a dumb mistake

* Someone’s looking to make a Snowden Phone
* Looks like I’ll be on the Security Weekly podcast with Paul

* Going to talk about IoT security and my our OWASP project

END CONTENT

Play Podcast

Notes

* Comments welcome on content and format, as usual.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Take 1 Security Podcast: Episode 9

9 mars 2015 | 13 min

Take 1 Security Podcast: Episode 8

3 mars 2015 | 16 min

START CONTENT

* New SSL attack called FREAK

* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous

* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense

* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default

* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug

* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts

* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay

* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach

* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords

* Expect more of this

* Uber took over 5 months to issue a breach notification

* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access

* This raises the cloud storage issue I blogged about last week

END CONTENT

Play Podcast

Notes

* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Take 1 Security Podcast: Episode 7

24 februari 2015 | 9 min

Take 1 Security Podcast: Episode 6

17 februari 2015 | 12 min

Take 1 Security Podcast: Episode 5

8 februari 2015 | 7 min

Take 1 Security Podcast: Episode 4

2 februari 2015 | 8 min

START CONTENT

* Ghost bug in PHP could affect millions of servers

* Flaw is in glibc, which is extensively by all Linux distributions
* Patch and reboot using yum or aptitude

* The US Army Released DShell, a malware forensics tool

* This is an interesting trend where we see tons of formerly secret groups flock to Github. Great to see

* Reddit released its first transparency report last week

* Says it received 55 requests for user information
* Says it complied with 64% of state and federal requests
* Says it received 218 requests for content removal, and complied with 31 percent of those
* I am pleased to see them releasing these numbers, and I hope more organizations do the same

* The GHCQ was using a program called BADASS to collect data leaked by games such as Angry Birds

* Luckily it only affected the 11 people still playing that game

* Russian dating site, Topface, got hacked for 20 million usernames
* The FBI busted up a Tom Clancy book plot in New York City

* The plan was to get information about wall street trading algorithms and hopefully destabilize the markets
* All they managed to do was embarrass themselves by commenting on how they couldn’t recruit young women

* China is demanding to be able to build backdoors into any code sold to its banking sector

* Some people call this news, but with China we just call this Wednesday

* Apple released a Yosemite update that fixed Thunderstrike, among other things
* Anonymous and Lizard Squad are going after each other

* Anonymous is the famous hacking group known for all sorts of things
* Lizard Squad is known for taking down the XBox and Playstation networks around Christmas time
* Anonymous DDoS’d the Lizard Squad website, and then Twitter suspended a couple of their handles
* Interesting to see these groups going after each other

* BMW and the internet of things is in the news, with BMW owners receiving an automatic push to around 2 million cars

* A vulnerability was present that could allow attacks to spoof cell towers and possibly control onboard systems
* BMW pushed a patch that ensures all such communications go over HTTPS
* It’s interesting that, like printers, cars are likely to become a primary IoT platform just because there are so many of them
* The key is to figure out what normal things exist in the world today en mass, and then imagine those things being connected
* Printers, cars, furniture, clothing, etc. It’s the regular stuff that makes it interesting because of how much attack surface they represent, and how prevalent the perspective they’ll offer into our daily lives

END CONTENT

Play Podcast

Notes

* Intro is from Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Take 1 Security Podcast: Episode 3

25 januari 2015 | 11 min

START CONTENT

* There was an issue with the Marriott website that exposed reservations and payment information. It’s now been fixed
* Police are now using a new radar to see into peoples’ homes without a warrant
* Security budgets are reportedly going up due to the mega-breaches in 2014

* Also leading to higher pay for CIOs
* Anecdotally, I’d say it’s a pretty good time to be in infosec

* A new security startup, PFP Cybersecurity, uses power consumption to detect malware

* Meant initially to be used for SCADA type systems

* The US hacked North Korean computers back in 2010

* This is reportedly the reasons we were so sure they hacked Sony
* Recently leaked documents from Snowden show heavy offense

* Snowden recently talked to Schneier at Harvard about a number of things

* The NSA is becoming increasingly offensively oriented vs. defensive
* The NSA supposedly uses compromised systems as jump points
* Snowden said most NSA hackers are junior enlisted with limited skills

* Russia reportedly hacking for geopolitical gain, not just money
* Millions of gas stations could be at risk of shutdown

* The Automated Tank Gauges can be remotely accessed by attackers
* Could be manipulated to cause alerts
* Potentially could be used to stop the flow of fuel

* Microsoft gave Charlie Hebdo data to FBI in 45 minutes
* Starwood hack based on bad passwords

* Bad passwords, password re-use, and a brute forcing tool
* Account harvesting is rough: user enumeration, weak passwords, and lack of account lockout

* Flash has another major exploit. Update your stuff.
* People continue to be worried that the President’s crackdown on hackers could hurt security professionals

* Congress is meeting on the 27th of January to discuss breach notification

* The wireless in around 2 million cars is highly vulnerable to attack
* A polish company has created Mouse-Box, which is an entire computer inside of a mouse enclosure

END CONTENT

Play Podcast

Notes

* Sorry about the noise part way through. My girl walked in and started unpacking groceries. But when I say one take, I mean one take.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Take 1 Security Podcast: Episode 2

19 januari 2015 | 16 min

Take 1 Security Podcast: Episode 1

14 januari 2015 | 4 min

Unsupervised Learning

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world.

Om podden

Avsnitt

UL NO. 459: New Active 0-day Exploitation, AI That Sees Your Open Apps, The RebootAI Project

A Conversation with Rob Allen from ThreatLocker

UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework

A Conversation with Jason Haddix from Flare

UL NO. 454: The First AI Breaches

How My Projects Fit Together (Substrate, Fabric, Telos, Daemon, and Human 3.0)

Human 3.0—The Skills & Mental Frames Required To Thrive In An AI World

UL NO. 452: The New Hotness: NotebookLM

NotebookLM Podcast: David Deutsch, Understanding, and AI

Venture Capitalists Favor Risk-Takers: The Rise of Self-Made Billionaires and Tech Innovators

AI Comedians by 2026? The Future of Comedy and the Turing Test for Laughter

The Alarming Power of Deepfakes

UL NO. 451: Altman Says ASI in "Thousands of Days"

Russia Is Paying Right Wing Influencers?

This Is The Future Career For Creators - Virtual Realities, Economies, and Meaning

My First Thoughts on New OpenAI Strawberry Model ( OpenAI o1-preview)

UL NO. 450: Thoughts on o1-preview and the Path to AGI

A Conversation with Shiladitya Sircar from BlackBerry on DeepFake Threats

UL NO. 449: China Hits US ISPs, NIST CSF 2.0, Russian Intel Attacks, Stagnant Companies...

North Korea Strategy to “Infiltrate” Foreign Companies

How To Find Great People to Work With - UBI & Talent Distribution

Ambition & UBI - Why People Are Working Less

UL NO. 448: TSA SQLi, NYT Github, NK RPM, NVIDIA Mystery...

Google Current State A Waste of Money & Talent

How China is Winning The Energy War

AI The Creative Workflow & The Dangers of Groupthink

UL NO. 447: Sam Curry on Bug Bounty Careers, Slack Data Exfil, The Work Lie

Don’t Judge Yourself Based On What Companies Think of Your Skills

Microsoft Fires DEI Team & The Correct Approach To Diversity

UL NO. 446: AI Ecosystem Components, MS 0-Days, Iranian Campaign Hacks…

Introducing Substrate—An Open-source Framework for Human Understanding, Meaning, and Progress

UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets…

Scaling Misinformation With AI

UL NO. 443: North Korean Co-workers, UBI Failure?, AI-Groupthink, GPS Spoofing…

A Conversation with Christine Gadsby from BlackBerry

UL NO. 442: Crowdstrike Analysis, Cannabis=Soma?, NK Github SE, AI Weaponry

UL NO. 441: Substrate, OpenAIs AGI Levels, US Literacy Rates

UL NO. 440: RAID (Real World AI Definitions)

UL NO. 439: Humans vs. AI in Prediction Markets

UL NO. 438: Confusion is a Muse

UL NO. 437: My List of Hard-won Life Lessons

UL NO. 436: Thoughts on the Future of AI & Societal Stability

A Conversation with Abhishek Agrawal from Material Security

UL NO. 435: Making New Things is Post-AI Safety

UL NO. 434: Can You Articulate Yourself in 50 Words?

UL NO. 433: China's Flawed Strategy

A Conversation with Mike Privette from Return on Security

UL NO. 432: Can You Summarize Your Work in a Sentence?

A Conversation on Maritime Security with BlackBerry Threat Intelligence

UL NO. 431: Companies are Graphs of Algorithms

UL NO. 430: The Courage to be Disliked

UL NO. 429: Build Your Career Around Problems

UL NO. 428: Reason to Fear; Reason to Build.

UL NO. 427: AI's Predictable Future

UL NO. 425: The Efficient Security Principle

UL NO. 424: Raising Security's Floor

A Conversation with Jason Meller of Kolide/1Password

UL NO. 423: AI is Becoming Like Reading

UL NO. 422: To Survive AI, We Must Become Creators

A Conversation With Ismael Valenzuela About AI and Threat Intelligence

UL NO. 420: APTs using ChatGPT, Bugs Putin, The good side of AI jobs loss?, AI Monitoring Culture, AI patents, and more…

UL NO. 419: Problem Quality, 0-Day Spyware, LOTL, Ollama + OpenAI

UL NO. 418: DEFCON Moves, AnyCloudDesk, Ransomware Learnings, My Top AI Projects

UL NO. 417: NSA's Broker Buys, AI-Assisted Attacks, Companies Only Want Killers

A Conversation with Shil Sircar from BlackBerry Data Science

UL NO. 416: Tracking AI Agent Activity, 400 SF Cameras, AI Sleeper Agents…

A Conversation with Jason Kikta from Automox

UL NO. 415: It's Raining 9+ CVEs, 40% Job Loss from AI, Invisible Prompt Injection…

UL NO. 414: LastPass Settings Upgrade, Boosting ChatGPT Output, AI Adding Societal Transparency

UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…

A Conversation with Gabe Bernadett-Shapiro on AI

UL NO. 412: OpenAI's Prompt Guide, My Neovim Overhaul, The UL Character Sheet, And…

UL NO. 411: ChatGPT Repeat Vuln, A UL AI Course!, Revenge Code Deletion

UL NO. 410: The Immigration/Identity Security Risk, Super Soldier Pentagon Talk, Okta&Me Updates, Teachable Agents

UL NO. 408: OpenAI Coup Theory, SEC vs. SolarWinds Analysis, Deepfake D&D Summaries

UL NO. 407: OpenAI Prompt Injection, Leaky GPTs, AGI by 2028, Huberman Routine AI