All right, welcome to Episode 279, if you're having a good start to the week. Starting off with security news. FBI and CIA have released new tactics being used by Russia's SVR. SVR is also known as APT29 and Cozy Bear, and they're believed to be responsible for SolarWinds and many other attacks. They're believed to be primarily targeting government networks, think tank and policy analysis organizations and information technology companies, and their TTPs have evidently
moved from installing malware on networks. This was back before like 2018 to attacking cloud email services such as Microsoft's Office 365, password spraying and targeting VPN services and a whole bunch of other tidbits as well. But they collaborated again, like we're seeing a lot from the government right now and releasing these joint reports, talking about how people can look for signs of compromise, signs of attack, and just
generally collaborating and communication, which I think is fantastic. CISA also released an advisory around RTOS systems, real-time operating systems for. Industry experts have submitted an 81 page report to the
Biden administration aimed at coordinating efforts to counter ransomware. They are looking to unify into a task force that helps disrupt the problem, using a combination of techniques, including disrupting payments, prosecuting attackers and disrupting services that support the ecosystem, including forums where services are sold. Python library ipaddress is vulnerable to a critical IP address validation vulnerability first found
in the netmask library earlier this year. This particular issue basically causes leading zeros to be stripped off of addresses, which is allowing attackers to bypass filters. So basically, you can't really tell what's going to get allowed through based on what's being sent because it's doing some wonky stuff with the input. So we definitely want to patch that, I think this is introduced in Python three to three.
If I'm remembering correctly, but either way, you want to make sure you're running the latest version of chicken or at least that you have this patch installed. Krebs says Experian has a leaky API that exposed most Americans credit scores for some period of time. Independent researcher that found this as usual and brought it to Krebs and Krebs
says the story on it. Censys found more than 1.93 million databases exposed to the Internet on cloud servers, so it was looking for a whole bunch of databases and it found mostly MySQL, followed by PostgreSQL and Redis. Kaspersky says it found new malware, which it believes based on a bunch of patterns within the code, it believes it was created by the CIA. The NYPD has canceled the use of its robotic dog due to
public backlash. And they're complaining because they're saying this thing would have saved a lot of people or helped a lot of people and avoided putting people in bad positions, especially police in bad positions. But I don't know if you make something that looks like a black mirror episode, I think you can expect bad things to happen. U.S.
Navy SEALs are shifting from counterterrorism to global skills, which are more technology oriented, such as electronic warfare in the use of unmanned systems, also known as drones, for the purposes of collecting intelligence. And they're evidently heading more towards the boats, which they used to operate from in the past. As opposed to doing counterterrorism in the desert and other places.
Microsoft released updates to at least 110 security issues in its monthly Patch Tuesday release, including for updates to Exchange. They've also identified two dozen or so vulnerabilities in IoT and OT devices, and they're collectively being called BadAlloc because they're due to memory allocation problems. Cisco firewalls have several remotely accessible vulnerabilities that have patches available, there are patches out for Samba,
and QNAP is warning of AgeLocker ransomware. If you have QNAP, find a way to not have a QNAP, that's my current advice. ParkMobile had a breach that exposed license plate and mobile number information for 21 million users and Vectorized raised 130 million dollars to do a power saw. Technology news, Google is experimenting with new office designs as employees return from COVID, they're mostly thinking about September ish or 1st returns back into the offices.
They're going to be strongly encouraging, but not requiring that returning people are vaccinated. In the meantime, they've saved around one billion dollars by not having employees on site. But I think that's a separate calculation than determining whether or not they've actually increased or decreased productivity with the remote workforce. That'll be separate information to factor in there. Amazon is spending one billion dollars to raise operation workers pay by
up to three dollars an hour. Tesla's upgrading its Powerwall two systems to Powerwall plus, which have the same capacity but higher surge output. They're trying to basically make like a decentralized power grid using their own products, which it's very much like really like it. I love the idea. The Linux kernel now has over one million commits. When
or how many are malicious? Really think someone to do a full audit of this thing just seems nasty, especially given that recent University of Minnesota, I think, where they did a project, it got approved by the ethics board to actually submit malicious code to see if it got caught, which it didn't. And that's why that whole university is
now banned from submitting code. But it seems like people are just mad because they exposed an ugly truth, like we need more people doing this kind of thing, you know, red teaming, something that's used by billions of devices and systems. Is it trillions? I don't know, but definitely billions. Companies, Amazon's net sales increased 44 percent in the first quarter of 2021, Microsoft's revenue increased 19 percent in the first quarter, and Google's revenue grew 34 percent in the first quarter.
Humans. Pfizer is currently testing a COVID cure with 60 individuals, and if successful, this would be used in patients who already have COVID as opposed to the vaccine, which is used to prevent getting it. They said basically in the story, which, you know, it's journalism, but they said it attacks the spine of the virus and basically tears it apart. Really exciting. Probably exciting for the company as well, if they were to be able to have this and the vaccine sometime.
The measures taken to control the spread of COVID have nearly eliminated influenza worldwide, U.S. deaths from the flu in the 2020-2021 season was around 600, and in the two years before it was 22,000 and 34,000 respectively. California is looking to stop Nestlé from taking millions of gallons of its water. Global electric vehicle sales grew 41 percent in 2020. Soaring lumber prices are adding 36,000 dollars to the cost of new homes. Biden has
proposed ARPA-H, a DARPA for cancer. I think this is brilliant. Absolutely love it. It seems like they would call it like CARPA or HARPA. Just to keep the naming convention with DARPA, which is very recognizable. H doesn't have the same ring to it. Over 3000 cargo containers fell off ships last year, and we're already past that pace by a long shot because a thousand have already fallen into the ocean in 2021 due to pressure to speed up deliveries, causing more accidents. There's now a
journal of controversial ideas, the JCI. Can't wait to see what they publish. And a new study shows that consumption of sugar sweetened beverages and high BMI independently are associated with lower testosterone in men. Content, ideas and analysis explaining threats, threat actors vulnerabilities and risk using a real world scenario. This is my expansion of a tweet by my friend Casey Ellis on how to think about these key infosec terms. What's the read if you ever have to get into
these debates with. Friends and coworkers. A summary of Balaji Srinivasan's thoughts on the future, my passing of a fascinating four-hour conversation between Balaji Srinivasan and Tim Ferriss, where they're talking about the ideas of cities becoming a lot more different from each other politically and attracting completely different types of people like Austin seems to be tech plus libertarianism, for example. Portland seems to be like hippie and anti authority.
So assuming people are mobile enough to pick up and move, this could be a fascinating effect over time. Very significant effect over time. I think it really does depend on who can just pick up and move. I feel like that's not a super common thing, requires money to move and to have a job where you're going, that kind of stuff. And but, yeah, it would make different cities become kind of natural experiments around innovation and standard of
living and stuff. I think it's really cool. I love the idea of the states being independent for this reason, but this is like one of Balaji's ideas here was that mayors are going to become more like CEOs. So they'll have a lot more control and a lot more innovation going on and that will increase the variance that you see inside of these different cities. So I think
it's a really cool idea. Notes I Finished Our Mathematical Universe by Max Tegmark, and I really think about the greater existence of like universes, multiverses and stuff like that in a completely different way. So I highly recommend this book for anyone who likes Hawking, Sagan, Tyson or anything related to cosmology. It'll blow your mind, this book will. Currently rereading the Red Queen, which is the book of
the month, and you should definitely come join us. As you may have noticed already, we launched our new logo as part of our ongoing site design update, and it's not just a new visual, has a lot of meaning built into that, which I talk about in the launch post, which I have linked to you in the newsletter. And the you bookclub speaking, that is absolutely thriving. We're talking about doing actually more meet ups, including a new midmonth meet up with a rotating topic. We're talking about talking
about the future. We're talking about career conversations, exploring interesting questions and seeing what each of us thinks just kind of going around the table. And Tim, who's a big part of our community and also runs his own community in east Texas. He's already got a plan for how we can lay out like 12 of these going for a year out and basically have them all scheduled out and really cool sort of theme in concept to each one.
So looking forward to that. We're also thinking about. Additional meet ups, actually in regular space and meatspace, actual physical meet ups, if that becomes a safe thing to do. And the first one we're thinking about is a dinner at Black Hat/DEF CON next year, definitely not this year. I'm not going I don't know who is, but. I won't be there, but we're thinking for 2022 a dinner and also maybe a weekend getaway in Big Sur where we bring family so we can actually go.
So that would be like during the day you spend time with family or whatever, you know, family and kids and whatever you're doing to be able to get yourself out there to Big Sur. And then in the evenings, the other group would get together and we would have dinner or, I don't know, drinks, tea. I have no idea what would be available there. But we would just hang out in like a common area or outside, I don't know. Do star walks like all kinds of astronomy
stuff we could do, but mostly conversation hanging out. Same way we do in the book clubs and other meet ups. So that's the idea. And yeah, our monthly meet up the book club itself has become a favorite event of the month for a number of our members and definitely me included. And it just turns out it's a lot of fun to talk about interesting topics with a bunch of smart and pleasant people. It's like the Internet. We were all promised, but so often never materialized. So if you
are not a member. You should consider signing up and coming to join us. Be a lot of fun. Discovery profiler, A.S. Tool for finding social network profiles, one thing that these tools are good for is looking up your own profile and making sure that you either delete these accounts or that you have them locked down properly. So if, you know,
you probably have multiple usernames over your. The course of your IT career, but plug them into a tool like this and, you know, you might get like 55 hits, come back and be like, oh, I forgot that police existed. And maybe it has like the dumbest password ever, which is now in a million different leaks all over the place. And you could just use it as a tool to
clean up after yourself. Whether Spark get a remarkably accurate visual and description of the weather in any city, I put the send for my home city and the city I'm hoping to move back to soon. And it was yeah, it was it was remarkably interesting, like really accurate. And a couple of other people I know have tried to
get the same results. My friend Alejandro Hernandez at IOActive where I used to work, has released new research on how stock prices are affected by vulnerabilities and breaches, and he's presenting his findings at Black Hat Asia. So congrats to Alejandro on that. Gizzi release the world's smallest back door, really? Cool looking little back door here. Other new U.S. federal sea services, zero trust. And this one's crazy, it turns out we've all been using our trash bags incorrectly, so
they're actually shipped to us inside out. So if you look at if you just take one out of the bag or the box. You'll see that the seam is like facing you. You think that, oh, that's how it's supposed to be. No, supposed to be that way. It's actually inside out. And the reason for that is you're supposed to just open it. Turn it upside down, so the opening is facing down and then put it over the outside of the trash can, then you just take the rest of the bag and stuff it down in
the middle and now it's right side in. And you didn't actually have to do all the shenanigans to get it in there. So you put it on like a hat and then push it down through the middle. Who knew? I saw this on TikTok, I didn't want to link to TikTok, so I'm linking to a YouTube video describing. And the army has a new night vision goggles and the visuals on these things look completely awesome. So I was in the Army. I used to just love playing with these night vision goggles when I was
on duty and. Yeah, these the old ones were like this really kind of washed out green looking, which you've probably seen in a million movies, and that's exactly how they looked. It wasn't much contrast, very little depth of field. Like there's a bunch of problems, these new ones. There's like a white outline around everything. It's like very some quite predator looking because Predator was actually worse than us. But it's actually has detail. It's a white it's a
white visual instead of green. Which automatically seems to make the contrast better. It's just very cool looking, actually have a link to some of the video. In the show. Got a cool list here of significant cyber incidents, which I said on Twitter. I really wish this was a spreadsheet so someone can make that happen. That would be awesome. And got a link here to all cause mortality statistics
for each US state. And evidently, it's mostly updated. There are a few stragglers states, I think they said North Carolina is kind of lagging on data, but it's mostly up to date and accurate. And it just shows a massive number of what is its deaths that don't have a reason. And I forgot there's a term for it. It's like unaccounted for or something. But ah, no cause is at no cost us anyway. It's in, it's in
the report and. It's fascinating. I mean, there's so much additional numbers here, so I think what it really means is the COVID numbers are likely to go up significantly because they're just the proper attribution has been done. But definitely worth taking a look at that visual. Got another article here, welcome to the YOLO economy. This is from New York Times, pretty good essay and how to make
your voice sounded more attractive and competent. This is a BBC article and they're saying could also be the reason for vocal fry, which is like what I try to do just there, which is where you slow down your voice and it drops very low. And evidently, it's supposed to signify competence in some sort of way. There's a pretty good article. Recommendations, if you like, thinking about the future across tech policy, government, etc., you really should listen
to this conversation with Balaji that I indicated above. It's on the Tim Ferriss podcast, which I haven't been listening to Tim Ferriss much, honestly. But I do listen when I hear a cool topic or a cool guest and this one, it blew me away. It is almost four hours, so I will warn you about that. I listened to 2x on YouTube. So was it four hours for me? But I took a lot of notes. I actually wrote that whole post, which is the summary of it, trying to
capture all the ideas. But I'm telling you, if you think about the future, if you like the future stuff that I talk about, you should listen to this guy. He's an investor. Andreessen Horowitz, like, really cool guy, happens to have a PhD from Stanford, which he never mentions, just a really smart guy and has some really interesting ideas about where the future is going, especially as it relates to crypto. That's kind of his thing about crypto.
So Balaji. Definitely recommend that you follow this guy and start by listening to this episode on the Tim Ferriss podcast. And the aphorism for the week. Everyone you meet is fighting a battle you know nothing about, be kind always. Everyone you meet is fighting a battle you know nothing about, be kind always. Robin Williams.