There's a Linux vulnerability called SACK Panic (among other names) that takes advantage of a kernel feature called Selective ACK. The feature lets systems tell the other side of the conversation how much data it's received, and it turns out it can be overflowed or fuzzed. The former creates a crash, and the latter creates a slowdown. You should patch. And if you have any services facing the internet running Linux, you should definitely patch. More A Florida city paid $600,000 in bitcoin to get ...
Jun 24, 2019•13 min•Ep. 183
The US is supposedly ramping up attacks against Russian power grid through the use of new cyberattack powers granted by Trump. I am happy to hear of this, but it's an example of where we as outsiders can only know a tiny fragment of the story. But any signs that this administration sees Russia as a foe, and are treating it as such, are positive in my view. More Adobe is entering the deepfakes arena by showing off research tools designed to detect manipulated photos. More Target stores have been ...
Jun 18, 2019•11 min•Ep. 182
Some absolutely fascinating research has just come out on what percentages and types of vulnerabilities are actually exploited in the wild. It found that only 5.5% of vulnerabilities discovered between 2009 and 2018 were actually exploited, with most of those being issues with a CVSS score of 9 or 10. The best part of the paper, however, was a discussion of optimal patching strategies, where they looked at different methodologies for what to patch and measured them against each other based on ...
Jun 11, 2019•25 min•Ep. 181
An argument that we should acknowledge grit as one of the most powerful causal factors in success, and figure out ways to bring its benefits to everyone. Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.
Jun 08, 2019•6 min
A concise explanation of why software continues to have security and quality problems after decades of supposedly trying to address the problem.
Jun 06, 2019•4 min
The Deepfakes thing is already starting to have an impact, and it didn't even involve actual Deepfake (GAN ML) technology. A video was spread of Nancy Pelosi speaking very slowly and seeming to stumble over her words, which made her look quite bad. The video was virally shared throughout social media on the right. Problem is, it was intentionally slowed down to make her look old/stupid/crazy. What this shows us is that it's not the machine learning that makes Deepfakes dangerous; it's the willin...
May 28, 2019•17 min•Ep. 179
Trump has semi-banned the use of foreign telecom gear, which is really a direct shot at Huawei and China. more Baltimore’s IT systems are still being held hostage after 2 weeks. Of all the cities in the world that I could imagine this happening to, Baltimore is towards the top of the list. If you don’t have good schools or a good police force, I don’t expect you’d have good IT security hygiene either. more Crime is so bad in Mexico that people buy fake mobile phones ...
May 24, 2019•23 min•Ep. 178
My Takeaways from the 2019 DBIR Report My Summary The Report The DOJ has unsealed the indictment against those who they believe hacked Anthem in 2015, and they are Chinese Nationals. They didn't reveal the suspected motive, however. But as I wrote about last year, I don't think we need an explanation. I think it's obvious. More An Airbnb host in China has been arrested for watching guests using a hidden camera. More The Mossad has released an interesting challenge in something of ...
May 14, 2019•23 min•Ep. 177
A short essay that attempts to wrap a simple narrative around what's happening with the exodus of the New Left, and what it's doing to the moderate left, center, and right that they left behind.
May 04, 2019•11 min
Deepfakes are about to seriously erode our collective ability to tell truth from fiction, and this is already a big enough problem without them. Think of every problem you care about, and realize this represents an exponent on each one. This video captures it extremely well. Link Slack has warned the world that it's being targeted by Nation State actors. I'm glad they said it, but we already knew that. Think of what an attacker could get if they could access any company's internal Slack communic...
May 01, 2019•37 min•Ep. 175
Today's standalone episode of Unsupervised Learning is a political conversation with Jeremiah Grossman, who many of you will know as the founder of Whitehat Security, current CEO of BitDiscovery, Jujitsu Blackbelt, and all-around great individual. In this episode, however, we’re not going to be talking about Information Security, but Politics. We have remarkably different and similar views on politics, which we’ve been discussing in private for years, and we thought now was the ...
Apr 14, 2019•1 hr 46 min
Amazon has many thousands of people doing quality control on Alexa, meaning that they're listening to incoming audio captured on Echo devices. This shouldn't be surprising. The question is how they're doing it, and what policies they have around privacy when doing so. I don't personally see a major problem here. But at the same time I'd never put a Facebook device in my home. To me it's more about the company and its incentives than anything else. Link A number of FBI-affiliated websites were ...
Apr 14, 2019•25 min•Ep. 173
Mastercard is looking to create a Digital ID service that can bind your digital presence to your mobile device, which will be able to verify you to various services. Palantir has won an $800 million contract to build the next combat intelligence system (to replace DCGS-A) for the Army. Putin appears to be causing brain drain in Russia. Dropbox has an interesting proposal for improving vendor security assessments. TL;DR: They turned their requirements into contractual points. LOVE IT. Becom...
Apr 01, 2019•19 min•Ep. 171
Multiple governments have now blacklisted Huawei, which Huawei seems very confused by. The best explanation I've heard so far about why this move makes sense for western countries came from Rob Joyce of NSA. He basically said that just like Kaspersky in Russia, the reason you can't trust Huawei is that it's a Chinese company, and even if they're not already infiltrated by the Chinese government, they can be at any moment without anyone knowing that it happened. And there's nothing Huawei or anyo...
Mar 18, 2019•19 min•Ep. 169
This is a description of cyberwar that sounds quite realistic to me, and it's based around the thousand-cuts idea. Ring Doorbells have a vulnerability that allows one to capture clear-text videos and other data from the cameras if you can get on the wireless network that the camera is using. An independent security researcher found the Dow Jones Watchlist database sitting open on the internet. Schneier talks here about how easy it is to influence people in sensitive positions, similar to my post...
Mar 03, 2019•34 min•Ep. 167
OpenAI text spoofing, Twitter DMs, Chinese tracking database, Ponemon Cyber Risk Score, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Feb 21, 2019•24 min•Ep. 165
My takeaways from ENIGMA 2019—one of my two favorite conferences in the world. The US has charged Huawei with stealing trade secrets, money laundering, and fraud. This escalates the already tense situation with China on a number of fronts. An engineer does a Twitter thread on AI-created videos on YouTube. He describes how they are created, promoted, and selected for display in recommendations. Fascinating read. This is a video of thieves scanning a BMW key fob through the wall of the ...
Feb 04, 2019•17 min•Ep. 163
We just released the 2018 version of the OWASP Internet of Things Top 10, and in this episode I talk you through the list and give the philosophy, methodology, and next steps for the project.
Jan 07, 2019•15 min
German politicians hacked, NSA's new RE tool, Weather Channel tracking, sick TSA agents, Facebook dust tracking, Technology News, Human News, Ideas, Discovery, Recommendations, and the weekly Aphorism…
Jan 07, 2019•28 min•Ep. 159
Google+ breach, Android flaws, China's long game against the US, Australia's encryption blunder, NYPD drones, and more…
Dec 11, 2018•16 min•Ep. 155
Ukraine malware, China's Black Mirror, DARPA's Mosaic, FBI trolling, Silicon Valley jobs, Technology News, Human News, Ideas, Trends, & Analysis, Discovery, Notes, Recommendations, and the weekly Aphorism!
Nov 26, 2018•15 min•Ep. 153
OWASP IoT Top 10 Draft, Facebook compromise, Fortnite cheating, Pentagon weapons, spam calls, technology news, human news, ideas, discovery, recommendation, and the weekly aphorism…
Oct 25, 2018•12 min•Ep. 147
AMA Summer 2018, Security News, Technology News, Human News, Ideas, Discovery, and the weekly Recommendation and Aphorism…
Sep 04, 2018•59 min•Ep. 141
TLS 1.3, BurpSuite Improvements, Google Ad Database, Russian Attack Satellites, Amazon Theaters, Google AI Cooling, Wheat Genome, Giant Magellan Telescope, Carb Ratios, Leg Exercise and Cognitive Health, Ideas, Discovery, Notes, Recommendations, and the weekly Aphorism…
Aug 20, 2018•18 min•Ep. 139
GRU ATT&CK analysis, Assange to the UK, Cisco backdoors, DARPA electronics, faces from genomes, viz.ai, open plans are bad, Best Buy consulting, ultrasound vs. dementia, 4 day work weeks, ideas, recommendations, and the aphorism of the week!
Jul 22, 2018•28 min•Ep. 135
Twitter deleting accounts, deepfakes, location leaks, Rekognition, bio databases, juggalo makeup, iOS 12 security, Siri upgrades, and more…
Jul 11, 2018•35 min•Ep. 133
Predicting your credit rating based on the tech you use, Russians attack Germans, WPA3, China bird drones, AT&T and Verizon to stop selling our location data, Facebook red team, Twitter Smyte, plus tech, humans, discovery, and more…
Jun 26, 2018•30 min•Ep. 131
Reboot your router, China hacked a U.S. Navy contractor and stole around 600GB of top secret data. Newark, NJ is monitoring much of the city with surveillance cameras, and they're making the camera footage available to the public. Facebook also shared data with a number of Chinese companies. Tech, Humans, Ideas, Discovery, Recommendations, Aphorism…
Jun 12, 2018•11 min•Ep. 129
Pentagon background checks, China using machine learning in schools, Russian ethnicity detecting AI, US Military presence in Africa, Atlanta lost dashcam footage, Kidnapping insurance, Technology News, Ideas, Recommendation, Aphorism, and more…
Jun 04, 2018•11 min•Ep. 128
VPNFilter botnet, Echo private convo, Ghostery GDPR fail, PornHub VPN, Technology News, Human News, Ideas, Trends, & Analysis, Discovery, Recommendations, the weekly Aphorism, and more…
May 29, 2018•10 min•Ep. 127