

Unsupervised Learning
Daniel Miessler
Unsupervised Learning is about ideas and trends in Cybersecurity, National Security, AI, Technology, and Culture—and how best to upgrade ourselves to be ready for what's coming.
Episodes

Jun 8, 2019 • 6min
Grit is the Ultimate Privilege
An argument that we should acknowledge grit as one of the most powerful causal factors in success, and figure out ways to bring its benefits to everyone.
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.

Jun 6, 2019 • 4min
Why Software Remains Insecure
A concise explanation of why software continues to have security and quality problems after decades of supposedly trying to address the problem.

May 28, 2019 • 17min
Unsupervised Learning: No. 179
The Deepfakes thing is already starting to have an impact, and it didn't even involve actual Deepfake (GAN ML) technology. A video was spread of Nancy Pelosi speaking very slowly and seeming to stumble over her words, which made her look quite bad. The video was virally shared throughout social media on the right. Problem is, it was intentionally slowed down to make her look old/stupid/crazy. What this shows us is that it's not the machine learning that makes Deepfakes dangerous; it's the willingness of a massive percentage of the US population to believe total garbage without an ounce of scrutiny. It doesn't matter if Deepfakes can be shown to be fake because people are matching evidence to their emotions, not the other way around. The vulnerability is our ignorance and cynicism, not a spoofing technology. And as I wrote about a couple of years ago, this will be used as a weapon against us.
A real estate insurance website for First American Financial Corp was vulnerable to a simple IDOR (where you change the account number in the URL to get another account), and it evidently resulted in the exposure of hundreds of millions of insurance records that included extremely sensitive information. IDOR is still one of the most common and dangerous vulns a web app can have, and for companies like this they can be devastating.
The US Military is trying to learn how popular movements form and evolve, and to do so they're studying 350 billion social media messages. But it's a Bloomberg article, so maybe they're actually studying bullfrogs for clues about hypertension.
Moody's has downgraded Equifax's rating in some significant part due to its 2017 cyber breach. This is noteworthy because until now, breaches have largely been spackled over in terms of the major financial perspective and at the 6-24 month timescale. This is a positive indication that companies could actually start taking cybersecurity more seriously, and not just at the CISO and IT level, but from the boardroom down.
Advisories: TP-Link Routers

May 24, 2019 • 23min
Unsupervised Learning: No. 178
Trump has semi-banned the use of foreign telecom gear, which is really a direct shot at Huawei and China.
Baltimore’s IT systems are still being held hostage after 2 weeks. Of all the cities in the world that I could imagine this happening to, Baltimore is towards the top of the list. If you don’t have good schools or a good police force, I don’t expect you’d have good IT security hygiene either.
Crime is so bad in Mexico that people buy fake mobile phones so they can give them to muggers instead of their real one. I have to assume this is also happening in Brazil.
This is a stunning audio Deepfake of Joe Rogan doing a few different routines. It sounds exactly like him. Not a little bit. Exactly. Now imagine that for politicians and celebrities, where there is plenty of source material to train from. We’re about to move to a world where you can only trust authenticated voices and personalities, using sources and clients that are trusted to serve you their actual content. Expect a massive industry around serving authentic content and detecting fakes.
Salesforce had to disable access to millions while they fixed an access control issue that allowed open reading of tons of customer data.

May 14, 2019 • 23min
Unsupervised Learning: No. 177
My Takeaways from the 2019 DBIR Report.
The DOJ has unsealed the indictment against those who they believe hacked Anthem in 2015, and they are Chinese Nationals. They didn't reveal the suspected motive, however. But as I wrote about last year, I don't think we need an explanation. I think it's obvious.
An Airbnb host in China has been arrested for watching guests using a hidden camera.
The Mossad has released an interesting challenge in something of a spy CTF style.
Chinese scientists have created a small, portable camera system that uses LIDAR to resolve human features from up to 28 miles away. Good news—it also penetrates smog.

May 4, 2019 • 11min
Finding Clarity on the Exodus of the New Left
A short essay that attempts to wrap a simple narrative around what's happening with the exodus of the New Left, and what it's doing to the moderate left, center, and right that they left behind.

May 1, 2019 • 37min
Unsupervised Learning: No. 175
Deepfakes are about to seriously erode our collective ability to tell truth from fiction, and this is already a big enough problem without them. Think of every problem you care about, and realize this represents an exponent on each one. This video captures it extremely well.
Slack has warned the world that it's being targeted by Nation State actors. I'm glad they said it, but we already knew that. Think of what an attacker could get if they could access any company's internal Slack communication without being detected.
Scientists have captured the brain waves of someone hearing speech, run that through an algorithm that created its own speech from the recordings, and got a 75% recognition rate from humans on that speech. So the algorithm knew what the person heard, and turned that into spoken language that people actually understood. The next step is for the algorithm to know what people thought, instead of heard. In other words, machine learning is getting very close to mind-reading—but we still have potholes and cancer.

Apr 14, 2019 • 1h 46min
A Political Discussion with Jeremiah Grossman
Today's standalone episode of Unsupervised Learning is a political conversation with Jeremiah Grossman, who many of you will know as the founder of Whitehat Security, current CEO of BitDiscovery, Jujitsu Blackbelt, and all-around great individual. In this episode, however, we’re not going to be talking about Information Security, but Politics. We have remarkably different and similar views on politics, which we’ve been discussing in private for years, and we thought now was the perfect time to show that it’s possible to disagree with someone, respect them, and have a conversation about those disagreements in a positive and useful way. This is the first experiment of this kind on Unsupervised Learning, and I’m quite pleased with how it turned out. So with that, here’s Jeremiah Grossman.

Apr 14, 2019 • 25min
Unsupervised Learning: No. 173
Amazon has many thousands of people doing quality control on Alexa, meaning that they're listening to incoming audio captured on Echo devices. This shouldn't be surprising. The question is how they're doing it, and what policies they have around privacy when doing so. I don't personally see a major problem here. But at the same time I'd never put a Facebook device in my home. To me it's more about the company and its incentives than anything else.
A number of FBI-affiliated websites were hacked, and information on thousands of federal agents and law enforcement officers is now being sold online.
Chinese schools are using facial recognition on students, and using ML to determine whether or not they're currently paying attention, distracted, etc.
Sift is a service that builds a risk profile on you so merchants can determine whether you're a benign actor or someone about to commit fraud. I think people need to accept that continuous risk scoring for people and situations is both inevitable and actually already happening. The moment you try to block bad actors by looking at their behavior, you quickly end up with a score that determines action based on various thresholds. And the moment you do it for bad actors, you're kind of implicitly doing it for good actors as well. There are better and worse ways to approach this, but profile scoring is not something we're going to be able to avoid going forward. Let's accept this reality and start having the conversations about how to make (and keep) this functionality as benign as possible.
A Dutch F-16 was damaged by rounds from its own 20MM cannon. So it fired bullets, and then flew into them. Life is awesome.

Apr 1, 2019 • 19min
Unsupervised Learning: No. 171
Mastercard is looking to create a Digital ID service that can bind your digital presence to your mobile device, which will be able to verify you to various services.
Palantir has won an $800 million contract to build the next combat intelligence system (to replace DCGS-A) for the Army.
Putin appears to be causing brain drain in Russia.
Dropbox has an interesting proposal for improving vendor security assessments. TL;DR: They turned their requirements into contractual points. LOVE IT.