Ring Sued, Mean Time to Hardening, APT20 2FA, China Base Pictures, China Satellites, Angled Toilets, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.
Dec 30, 2019•15 min•Ep. 209
Mobile Tracking, Chinese Drone-Flu Terrorism, Message Spying, Bing Misinformation, 23andMe GlaxoSmithKline, Spam Laws, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Dec 23, 2019•15 min•Ep. 208
Pentagon vendor requirements, Ring camera freakout, Bluetooth Thieves, Palantir Pentagon, Amazon Rekognition, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Dec 17, 2019•29 min•Ep. 207
Vietnamese BMW APT, Defense Contractor Prep, China replacing a culture, HackerOne Cookie Snafu, Chinese Also Worried About Privacy, China Mobile Face, CDC Flu Warning, AWS Sagemaker, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Dec 09, 2019•22 min•Ep. 206
Spam trends, CWE's latest 25, Uber audio recordings, Uber unauthorized drivers, Chinese research theft, Google state-actor notifications, Bluetooth burglars, Nixon deepface, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Dec 02, 2019•34 min•Ep. 205
Google health care, Google checking, GitHub open source, China policy hack, Hacktivist bounties, healthcare attacks, facial protests, OSINT CTF, surveillance robots, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Nov 18, 2019•18 min•Ep. 203
Capital fired, DHS biodata, Twitter insiders, Baltimore Cyber Insurance, Airbnb Assessment, Google Play Malware, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Nov 11, 2019•14 min•Ep. 202
Unify drama, Fancy cheating, NSO lawsuits, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Nov 04, 2019•20 min•Ep. 201
200th episode!, White House cyber vacancies, AT&T SIM bribery, South Africa ultimatum, climate change power crash, Baghdadi dead, RuNET, NYT insanity, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Oct 28, 2019•18 min•Ep. 200
Stolen Cards Stolen, Autoclerk Hacked, TeamViewer Hacked, Russia Pretending to be Iranian, JackSpotting, Pixel4 Faces, FrenchFacRec, Samsung Fingerprints, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Oct 21, 2019•18 min•Ep. 199
Eye reflection EXIF, WiFi gait, Russian Cyber Clusters, Russia African Americans, China Pressure, VPN drama, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Oct 14, 2019•18 min•Ep. 198
Yahoo creep, DarkNet, E2E encryption, Cyber talent, RandomDeath, Private Data Property, Eyeballer, plus Technology News, Human News, Ideas Trends and Analysis, Updates, Discovery, Recommendations, and the Aphorism for the week!
Oct 07, 2019•24 min•Ep. 197
New York is suing Dunkin (Donuts) for not revealing breaches in a timely manner (going all the way back to 2015), which it says jeopardized their customers. Good for New York. It's one thing to be breached: it's much worse to try to pretend it didn't happen. NPR wrote an extraordinary piece on how the US penetrated ISIS' communications infrastructure and basically tore it down from the inside. It includes significant details on the operation, which made me cringe as I read them b...
Sep 30, 2019•25 min•Ep. 196
Here's the new MITRE 2019 25 Most Dangerous Software Errors. Memory corruption bugs are huge right now. There's a ton of recent DDoS activity that's leveraging IoT devices for UDP amplification attacks. Specifically, the WS-Discovery service (WSD) is being used because the response to request ratio is so large (from 43% to 15,000%). There's a lot of chatter out there about Snowden due to his new book coming out, the NSA suing to keep him from making money off of it, him saying h...
Sep 23, 2019•26 min•Ep. 195
Not sure how this isn't bigger news, but Saudi Arabia shut down half its oil production after a number of drones attacked the largest oil processing plant in the world. Yemeni rebels claimed credit, but the US blames Iran. DNS over HTTPS is coming to Chrome as well, so it's not just Firefox. So this is basically where browsers have a preferred DNS server, which works over HTTPS, and ISPs therefore won't be able to see every DNS request that users make. This will be a good thing for reducing...
Sep 15, 2019•24 min•Ep. 194
AIG says BEC has overtaken ransomware as the primary claim type against their cyber insurance policies in EMEA, accounting for 23% of claims. The NSA Cyber Chief wants to share digital threat information early and often. I like the fact that they're opening up a bit, and I think it's only good for everyone (except bad guys). The more they share the higher the bar is for attackers, and the less time they have to use certain TTPs. This is exactly the type of Government-Indu...
Sep 08, 2019•22 min•Ep. 193
Ring has already partnered with over 400 police departments. As you know, I'm torn on this kind of tech. Neighborhood watch can be a good thing, and it can also be a bad thing. Technology tends to magnify both weaknesses and strengths, so it can make neighborhood watch really great, or it can turn it into a nightmare. The problem is that you can easily start on the positive side, build it all the way up, and then in a few legal, policy, and tech changes have it turn into the oppressive form. Som...
Sep 02, 2019•35 min•Ep. 192
Protestors in Hong Kong are physically attacking and destroying facial recognition cameras. Palo Alto says 7 out of 10 new domain registrations (NDRs) are either malicious or not safe for work, and they encourage companies to block them. Lt. Gen. Fogarty is fighting to change the name of Army Cyber Command to Army Information Warfare Command, and to give the group a much larger scope in its mission. We continue to see attacks against open source supply chains, in packages like NPM...
Aug 26, 2019•26 min•Ep. 191
The terms intelligence, information, and data are thrown around pretty loosely in most tech circles, and this inevitably leads to people confusing and/or conflating them. What follows is a simple explanation of how the related terms are different from each other, and how they work together.
Aug 19, 2019•5 min
There are some seriously nasty Windows RDP bugs out there. If you have RDP facing the internet, make sure you're patched. And try to get to VPN as soon as possible. A huge survey of firmware security has found virtually no improvement over the last 15 years. People seem surprised by this, but it is exactly what I would have predicted based on my analysis here. Basically, for most people not in the industry, our current state is actually fine. NYPD has over 82K people's DNA in a ...
Aug 19, 2019•23 min•Ep. 190
Ring is developing two-way relationships with hundreds of police departments in the US. This allows Ring users to be alerted to crime in their area via 911 data, and police departments to pull video from participating Ring devices. This is the type of functionality that most people will see and think, “Wow, I'd love to have that!”, which is why it's going to be very successful. But it's also one tiny step away from something terrifying. A number of critical bugs in VxWorks are g...
Aug 13, 2019•8 min•Ep. 189
Marcus Hutchins got off with time-served, and people have feelings. The range basically goes from 'he did nothing wrong', to, 'he should rot in prison'. In my mind this outcome was close to perfect. Remember, he went through two years of hell since being brought up on charges, he's still a convicted felon, and he also is largely banned from the US. I think it's good that he admitted guilt, faced consequences, and is being offered a chance to continue giving back to the community. Attorney Gen...
Jul 29, 2019•19 min•Ep. 188
Unpacking the evolution-granted bliss of prep schools and elite institutions, and why they resonate so much with us.
Jul 26, 2019•8 min
The difference between unfairness and bias in machine learning.
Jul 25, 2019•9 min
Lots of people in the security community went silly over the FaceApp application last week, basically saying that you shouldn't be using the application because they'll steal your face and then be able to impersonate you. Oh, and then it turned out to be a Russian company who put out the application, and that made it 100x worse. The problem here is the lack of Threat Model Thinking. When it comes to election security, propaganda discussions, etc., I am quite concerned about Putin's willingness a...
Jul 22, 2019•35 min•Ep. 187
An essay on why time can feel like it's speeding up when you get older, and how to slow it back down.
Jul 20, 2019•5 min
Parts of Manhattan had a power outage Saturday night, which happened to be the anniversary of another power outage in 1977. The power company apologized but didn't explain what happened. The hacker in me thinks this could easily be a probing shot by a sophisticated attacker, or a fun prank by amateurs. But the overwhelming odds are on simple failure. Either way, this country needs to get a whole lot more resilient to small attacks, because enough small ones can quickly become a big one. Zoo...
Jul 15, 2019•21 min•Ep. 186
The Telegraph has found strong links between Huawei employees and Chinese intelligence agencies. The Huawei counter was that this was extremely common among telecom companies, and that it wasn't a big deal. The counter to that counter was, basically, "Well, then why did you try to hide it?" /gg The NPM security team caught a malicious package designed to steal cryptocurrency. A lot of these packages work by uploading something useful, waiting until it's used by lots of people, and the...
Jul 08, 2019•22 min•Ep. 185
The world being sorted into two different countries—a Green country of the top 10% of income/wealth, and a Red country that's everyone else. These countries are separated not by geography, but by class.
Jul 03, 2019•8 min
I created a new tutorial on OWASP Amass, and just joined the team as a contributor as well. Chinese hacking groups have been embedded deep inside multiple major US tech firms for many years, including Fujitsu, Tata, NTT, Dimension Data, and HPE. The first thing you should be thinking is where else they are today. Amazon is getting heavier into the SIEM space (and perhaps others) with their new Amazon Security Hub offering. It takes in lots of event types from various AWS services, ...
Jul 01, 2019•19 min•Ep. 184