Unsupervised Learning22 Juli 2019

Unsupervised Learning: No. 187

Lots of people in the security community went silly over the FaceApp application last week, basically saying that you shouldn't be using the application because they'll steal your face and then be able to impersonate you. Oh, and then it turned out to be a Russian company who put out the application, and that made it 100x worse. The problem here is the lack of Threat Model Thinking. When it comes to election security, propaganda discussions, etc., I am quite concerned about Putin's willingness and ability to harm our country's cohesion through memes and social media. But that does not extend to some random company stealing faces. Why? Because before you can get legitimately concerned about something, you have to be able to describe a threat scenario in which that thing becomes dangerous. As I talked about in this piece, pictures of your face are not the same as your face when it comes to biometric authentication. There's a reason companies need a specific device, combined with their custom algorithm, in order to enroll you in a facial identification system. They scan you in a very specific way and then store your data (which is just a representation, not your actual face) in a very specific way. Then they need to use that same exact system to scan you again, so they can compare the two representations to each other. That isn't happening with random apps that have pictures of you. And even if that were the case, they could just get your face off your social media, where those same people who are worried are more than happy to take selfies, put their pictures on profile pictures, and make sure as many people see them as possible. There are actual negative things that can be done with images (like making Deepfakes of you), and that will get easier over time, but the defense for that is to have zero pictures of you…anywhere. And once again you have to ask who would be doing that to you, and why. Bottom line: authentication systems take special effort to try to ensure that the input given is the same as the enrollment item, e.g., (face, fingerprint, etc.), so it will not be easy any time soon to go from a random picture to something that can full a face scanner or fingerprint reader at the airport. People reading this probably already know this, but spread the word: threat modeling is one of our best tools for removing emotion from risk management.

A contractor named SyTech that does work with Russian FSB has been breached, resulting in the release of 7.5TB of data on the FSB's various projects. This is obviously embarrassing for SyTech and the FSB, but the leaked projects focused on de-anonymization, spying on Russian businesses, and the project to break Russia away from the Internet, which are all known and expected efforts. So there don't seem to be any big reveals as a result of the leak. More

Someone discovered that a bunch of browser extensions were reading things they shouldn't be, and sending them out to places they shouldn't be. This is not surprising to me. Chrome extensions are like Android apps, which should tell you all you need to know about installing random ones that seem interesting. My policy on browser extensions is extremely strict for this reason. People need to understand how insane the entire idea of the modern web is. We're visiting URLs that are executing code on our machines. And not just code from that website, but code from thousands of other websites in an average browsing session. It's a garbage fire. And the only defense really is to question how much you trust your browser, your operating system, and the original site you're visiting. But even then you're still exposing yourself to significant and continuously-evolving risk when you run around clicking things online. And the worst possible thing you can do in this situation is install more functionality, which gives more parties, more access, to that giant stack of assumptions you're making just by using a web browser. The best possible stance is to have as few people possible with access to your particular dumpster. And that means installing as few highly-vetted add-ons as possible. More

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Upptäck Premium

Prova 14 dagar kostnadsfritt

Skaffa Premium

Avsnitt(532)

A Conversation with Faisal Khan from Vanta

In this episode, I speak with Faisal Khan, a GRC Solution Specialist at Vanta, about how their platform is transforming trust management for organizations. We talk about: Vanta as a Trust-Management Platform:How Vanta helps organizations build, scale, and showcase their security and compliance programs through automation, efficiency, and tools like the Trust Center. Key Features and Solutions Offered by Vanta:How Vanta’s integrations automate compliance checks, streamline vendor risk management, and address industry standards like SOC 2, ISO 27001, and CMMC to save time and improve efficiency. Future Directions and AI Integration:How Vanta is expanding into new frameworks like the EU AI Act and leveraging AI to simplify compliance, optimize workflows, and address evolving trends in governance and security.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Jan 39min

UL NO. 465 | The SaaS Attack Vector, Project Stargate, and Undersea Cable Drones

also...Joseph goes independent, Perplexity's new search API, Stoicism's gift, and much more... Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Jan 21min

UL NO. 464 | AI Phishing Matches Humans, Under Sea Cable Cutter Patents, and Siri is About to Not Suck

also...Russia's actual playbook, CISA's new rating system, and everyone's doing robots now Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

18 Jan 28min

UL NO. 463 | Launching 2025, US Soldier Data Leak, AI Agents Emerge, China's Global Spy Network, Robotaxis Now Safer Than Humans

Navigating AI's impact on work, the rise of transnational threats, a grim new reality in air travel, and how to harness the chaos of 2025 for personal and professional growth. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

11 Jan 44min

UL NO. 462: Full-Face Mask Deceptions, VS Code Tunnel Hacks, Quiet AI Emergence at Apple, and Tokyo’s Three-Day Weekend Gamble

...plus building personal TELOS files, the ChatGPT Pro vs. Claude coding face-off, a human bird flu case in Louisiana, and ketones fighting Alzheimer’s. ➡ Make your app enterprise-ready and start selling to enterprise customers with WorkOS: workos.com Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Dec 202427min

How Much AI Do We Need? - My AI Industry Prediction

In this episode, Daniel Miessler explores how AI can transform our understanding of the present and create actionable paths for a better future. He talks about: The Current State, Desired State, and Transition in AI Applications:How AI frameworks can analyze the current state, define a desired state, and propose action plans to address challenges in education, climate, health, and beyond. The Infrastructure and Scale of AI:Why we’re only at the beginning of building the AI infrastructure required for future demands, from GPUs and data centers to startups pushing the boundaries of what’s possible. The Role of AI in Human and Organizational Development:How AI can revolutionize personal lives, enhance businesses, and solve societal issues by gathering and analyzing massive amounts of contextual data to provide actionable insights. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one! Chapters: 0:00 - Introduction to Unsupervised Learning Podcast 1:10 - Concept: Predicting AI Infrastructure Needs3:45 - The Challenge of Predicting Technology vs Human Desires6:20 - Exploring AI Infrastructure Metrics (GPUs, Data Centers, Startups)8:55 - Philosophical Insight: Current State vs Desired State 12:15 - AI’s Role in Learning from the Past and Anticipating the Future 14:50 - Addressing Global Issues with AI (Education, Poverty, Climate) 18:30 - Transitioning from Current State to Desired State 22:05 - Context Gathering: Granularity and Technology Limitations 25:40 - AI's Impact on Individual and Family Contexts 29:10 - AI’s Potential in Business: Granularity and Cost 32:50 - Vision of Life OS and Personalized Assistance 36:15 - AI in Society: Predicting and Preventing Problems 40:00 - Infinite Context and the Scaling of AI Capabilities 44:30 - Predictions on AI Context Size and Infrastructure Demand 48:20 - The Importance of Understanding the Current State 52:10 - ConclusionBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

11 Dec 202428min

UL NO. 459: New Active 0-day Exploitation, AI That Sees Your Open Apps, The RebootAI Project

A conversation with Rob Allen from ThreatLocker, UL's Black Friday sale, Finland's internet disrupted, and more... ➡️ Get Your Free Cloud Security Scan with Wiz: wiz.io/ul Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

21 Nov 202423min

A Conversation with Rob Allen from ThreatLocker

In this conversation, I speak with Rob Allen, Chief Product Officer at ThreatLocker. We talk about: ThreatLocker’s Unique Zero Trust Approach to Cybersecurity:How ThreatLocker’s "deny by default, permit by exception" methodology, along with automated application learning and built-in definitions for over 4,000 applications, simplifies allowlisting and enhances endpoint security. Innovations in ThreatLocker’s Control Features:How ThreatLocker’s ringfencing prevents unauthorized application interactions and data access, and dynamic firewalls mitigate risks like lateral movement and ransomware attacks through endpoint-level network segmentation. Recent Developments and Cloud Expansion:How ThreatLocker Detect and Cloud Detect provide advanced detection capabilities for endpoint and cloud environments, including Office 365, enabling anomaly detection, centralized alerts, and proactive threat management. And more. Into (00:00:00)ThreatLocker's Zero Trust Cybersecurity Approach (00:00:31)Understanding Allow Listing in Cybersecurity (00:01:49)Managing Software Updates with ThreatLocker (00:02:13)Automated Application Updates for Over 4000 Programs (00:04:11)Vendor Collaboration for Early Software Updates (00:05:40)Challenges and Risks of Immediate Software Updates (00:06:53)Assuming Breach: A Core Cybersecurity Principle (00:08:10)Implementing Zero Trust Strategies with Ring Fencing (00:09:30)Controlling Application Interactions to Prevent Threats (00:09:50)Advanced Data Protection with Storage Control (00:13:17)Dynamic ACLs for Smarter Network Control (00:15:48)Ransomware Risks from Open Ports (00:16:50)Using Shodan to Identify Open Port Vulnerabilities (00:17:19)Building Application Allow Lists with Contextual Data (00:18:43)Learning Mode for Application and Traffic Visibility (00:19:36)Balancing User Behavior Control and Workflow (00:20:44)Integrating Detection and Control with ThreatLocker Detect (00:21:44)Why Detection is Critical in Cybersecurity Layers (00:22:41)Response Mechanisms and Automated Remediation (00:24:02)Lockdown Mode: Ultimate Isolation from Threats (00:25:38)Streamlined Application Approvals with Cyber Hero (00:26:36)Breaking Down Ransomware Attack Stages (00:27:46)Introducing Cloud Detect for Cloud Security (00:29:39)How to Learn More About ThreatLocker Solutions (00:30:47)Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

18 Nov 202432min

Allt en och samma app

Lyssna på dina favoritpoddar och ljudböcker på ett och samma ställe.

Noga utvalt innehåll

Njut av handplockade tips som passar din smak – utan ändlöst scrollande.

Fortsätt när du vill

Fortsätt lyssna där du slutade – även offline.

Premium

99 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill

Prova 14 dagar gratis

Premium

129 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill
Ett extra konto

Prova 14 dagar gratis

Populärt inom Teknik

Berättelserna och rösterna du älskar att lyssna på

Obegränsad lyssning på alla dina favoritpoddar och ljudböcker

Upptäck Premium