Take 1 Security Podcast: Episode 6

* Ukrainian banks hacked for up to 1 Billion dollars
    * Evidently installed malware on bank admin machines using phishing
    * Not sure they have an FDIC
    * As if the Ukraine didn’t have enough problems
* 10 million password project
    * Mark Burnett posted 10 Million password combinations
    * Went through a long explanation of why he was doing it
    * I’ve broken them up and put them in the SecLists project
* Jeb Bush leaks personal data
* Anthem may have been Heartbleed
    * Could have been China, but who knows
    * Reminder about talking about things without information
    * It’s best to just leave it alone
* HP released Home Security Systems report
    * We found 10/10 systems vulnerable to account harvesting
* DARPA Dark Web Search Engine
    * Stuff not indexed by Google
    * Tor services, etc.
* Obama creating new threat intelligence agency
    * Unified organization for tracking threats
    * Looking to partner with private industry as well
* Anthem and Cyberinsurance
    * Up to 200M in cyberinsurance
    * Probably won’t cover it, but it’ll be a good test of usefulness
* Facebook lets you pick who manages your account when you die
* Facebook threat sharing program
* Uber lost and found database was online with personal data in it
    * Basically, if you lose something in a car, they know who you are, and they keep your stuff for you
    * But they had the database exposed online




Episodes (532)

Unsupervised Learning: No. 173

* Amazon has many thousands of people doing quality control on Alexa, meaning that they're listening to incoming audio captured on Echo devices. This shouldn't be surprising. The question is how they're doing it, and what policies they have around privacy when doing so. I don't personally see a major problem here. But at the same time I'd never put a Facebook device in my home. To me it's more about the company and its incentives than anything else.
* A number of FBI-affiliated websites were hacked, and information on thousands of federal agents and law enforcement officers is now being sold online.
* Chinese schools are using facial recognition on students, and using ML to determine whether or not they're currently paying attention, distracted, etc.
* Sift is a service that builds a risk profile on you so merchants can determine whether you're a benign actor or someone about to commit fraud. I think people need to accept that continuous risk scoring for people and situations is both inevitable and actually already happening. The moment you try to block bad actors by looking at their behavior, you quickly end up with a score that determines action based on various thresholds. And the moment you do it for bad actors, you're kind of implicitly doing it for good actors as well. There are better and worse ways to approach this, but profile scoring is not something we're going to be able to avoid going forward. Let's accept this reality and start having the conversations about how to make (and keep) this functionality as benign as possible.
* A Dutch F-16 was damaged by rounds from its own 20MM cannon. So it fired bullets, and then flew into them. Life is awesome.

14 Apr 2019, 24 min

Unsupervised Learning: No. 171

Mastercard is looking to create a Digital ID service that can bind your digital presence to your mobile device, which will be able to verify you to various services. Palantir has won an $800 million contract to build the next combat intelligence system (to replace DCGS-A) for the Army. Putin appears to be causing brain drain in Russia. Dropbox has an interesting proposal for improving vendor security assessments. TL;DR: They turned their requirements into contractual points. LOVE IT.

1 Apr 2019, 19 min

Unsupervised Learning: No. 169

* Multiple governments have now blacklisted Huawei, which Huawei seems very confused by. The best explanation I've heard so far about why this move makes sense for western countries came from Rob Joyce of NSA. He basically said that just like Kaspersky in Russia, the reason you can't trust Huawei is that it's a Chinese company, and even if they're not already infiltrated by the Chinese government, they can be at any moment without anyone knowing that it happened. And there's nothing Huawei or anyone else could do to stop it. Strong argument.
* 2/3 of Android antivirus apps are hot garbage. Gasp.
* DARPA is building an open-source, secure voting system. That's their goal, anyway. I'm skeptical of being able to build truly secure systems, but I have lots of confidence in DARPA, and I also know the bar for improvement over the current state is quite low. So, yeah, go forth and prosper.
* The RAND Think Tank conducts wargames between the U.S. and its potential enemies, such as Russia and China, and one analyst said that we keep losing. The issue seems to be that our key advantages can be neutralized rather easily, and it'd take a lot of money to fix the biggest issues.

18 Mar 2019, 18 min

Unsupervised Learning: No. 167

This is a description of cyberwar that sounds quite realistic to me, and it's based around the thousand-cuts idea. Ring Doorbells have a vulnerability that allows one to capture clear-text videos and other data from the cameras if you can get on the wireless network that the camera is using. An independent security researcher found the Dow Jones Watchlist database sitting open on the internet. Schneier talks here about how easy it is to influence people in sensitive positions, similar to my post on China building a database on us.…

3 Mar 2019, 34 min

Unsupervised Learning: No. 165

OpenAI text spoofing, Twitter DMs, Chinese tracking database, Ponemon Cyber Risk Score, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

21 Feb 2019, 23 min

Unsupervised Learning: No. 163

My takeaways from ENIGMA 2019—one of my two favorite conferences in the world. The US has charged Huawei with stealing trade secrets, money laundering, and fraud. This escalates the already tense situation with China on a number of fronts. An engineer does a Twitter thread on AI-created videos on YouTube. He describes how they are created, promoted, and selected for display in recommendations. Fascinating read. This is a video of thieves scanning a BMW key fob through the wall of the owner's house, and driving away in their car. It could be that proximity-based security devices might need a trigger event (from the owner) before becoming active, like for mobile payments.

4 Feb 2019, 16 min

An Overview of the OWASP IoT Top 10 for 2018

We just released the 2018 version of the OWASP Internet of Things Top 10, and in this episode I talk you through the list and give the philosophy, methodology, and next steps for the project.

7 Jan 2019, 14 min

Unsupervised Learning: No. 159

German politicians hacked, NSA's new RE tool, Weather Channel tracking, sick TSA agents, Facebook dust tracking, Technology News, Human News, Ideas, Discovery, Recommendations, and the weekly Aphorism…

7 Jan 2019, 28 min
