Take 1 Security Podcast: Episode 10

An argument that we should acknowledge grit as one of the most powerful causal factors in success, and figure out ways to bring its benefits to everyone.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

8 Kesä 20196min

A concise explanation of why software continues to have security and quality problems after decades of supposedly trying to address the problem.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Kesä 20194min

The Deepfakes thing is already starting to have an impact, and it didn't even involve actual Deepfake (GAN ML) technology. A video was spread of Nancy Pelosi speaking very slowly and seeming to stumble over her words, which made her look quite bad. The video was virally shared throughout social media on the right. Problem is, it was intentionally slowed down to make her look old/stupid/crazy. What this shows us is that it's not the machine learning that makes Deepfakes dangerous; it's the willingness of a massive percentage of the US population to believe total garbage without an ounce of scrutiny. It doesn't matter if Deepfakes can be shown to be fake because people are matching evidence to their emotions, not the other way around. The vulnerability is our ignorance and cynicism, not a spoofing technology. And as I wrote about a couple of years ago, this will be used as a weapon against us. More EssayA real estate insurance website for First American Financial Corp was vulnerable to a simple IDOR (where you change the account number in the URL to get another account), and it evidently resulted in the exposure of hundreds of millions of insurance records that included extremely sensitive information. IDOR is still one of the most common and dangerous vulns a web app can have, and for companies like this they can be devastating. MoreThe US Military is trying to learn how popular movements form and evolve, and to do so they're studying 350 billion social media messages. But it's a Bloomberg article, so maybe they're actually studying bullfrogs for clues about hypertension. MoreMoody's has downgraded Equifax's rating in some significant part due to its 2017 cyber breach. This is noteworthy because until now, breaches have largely been spackled over in terms of the major financial perspective and at the 6-24 month timescale. This is a positive indication that companies could actually start taking cybersecurity more seriously, and not just at the CISO and IT level, but from the boardroom down. MoreAdvisories: TP-Link RoutersBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Touko 201917min

Trump has semi-banned the use of foreign telecom gear, which is really a direct shot at Huawei and China. moreBaltimore’s IT systems are still being held hostage after 2 weeks. Of all the cities in the world that I could imagine this happening to, Baltimore is towards the top of the list. If you don’t have good schools or a good police force, I don’t expect you’d have good IT security hygiene either. moreCrime is so bad in Mexico that people buy fake mobile phones so they can give them to muggers instead of their real one. I have to assume this is also happening in Brazil. moreThis is a stunning audio Deepfake of Joe Rogan doing a few different routines. It sounds exactly like him. Not a little bit. Exactly. Now imagine that for politicians and celebrities, where there is plenty of source material to train from. We’re about to move to a world where you can only trust authenticated voices and personalities, using sources and clients that are trusted to serve you their actual content. Expect a massive industry around serving authentic content and detecting fakes. moreSalesforce had to disable access to millions while the fixed an access control issue that allowed open reading of tons of customer data. moreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

24 Touko 201923min

My Takeaways from the 2019 DBIR Report My Summary The ReportThe DOJ has unsealed the indictment against those who they believe hacked Anthem in 2015, and they are Chinese Nationals. They didn't reveal the suspected motive, however. But as I wrote about last year, I don't think we need an explanation. I think it's obvious. MoreAn Airbnb host in China has been arrested for watching guests using a hidden camera. MoreThe Mossad has released an interesting challenge in something of a spy CTF style. MoreChinese scientists have created a small, portable camera system that uses LIDAR to resolve human features from up to 28 miles away. Good news—it also penetrates smog. MoreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Touko 201922min

A short essay that attempts to wrap a simple narrative around what's happening with the exodus of the New Left, and what it's doing to the moderate left, center, and right that they left behind.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

4 Touko 201910min

Deepfakes are about to seriously erode our collective ability to tell truth from fiction, and this is already a big enough problem without them. Think of every problem you care about, and realize this represents an exponent on each one. This video captures it extremely well. LinkSlack has warned the world that it's being targeted by Nation State actors. I'm glad they said it, but we already knew that. Think of what an attacker could get if they could access any company's internal Slack communication without being detected. LinkScientists have captured the brain waves of someone hearing speech, run that through an algorithm that created it's own speech from the recordings, and got a 75% recognition rate from humans on that speech. So the algorithm knew what the person heard, and turned that into spoken language that people actually understood. The next step is for the algorithm to know what people thought, instead of heard. In other words, machine learning is taking very close to mind-reading—but we still have potholes and cancer. LinkBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

1 Touko 201936min

Today's standalone episode of Unsupervised Learning is a political conversation with Jeremiah Grossman, who many of you will know as the founder of Whitehat Security, current CEO of BitDiscovery, Jujitsu Blackbelt, and all-around great individual. In this episode, however, we’re not going to be talking about Information Security, but Politics. We have remarkably different and similar views on politics, which we’ve been discussing in private for years, and we thought now was the perfect time to show that it’s possible to disagree with someone, respect them, and have a conversation about those disagreements in a positive and useful way. This is the first experiment of this kind on Unsupervised Learning, and I’m quite pleased with how it turned out. So with that, Here’s Jeremiah Grossman.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Huhti 20191h 45min