Spectre & Meltdown
Wow, this is a terrifying vulnerability, which honestly means that we have to decide between an attacker being able to read all the memory on their server, or a 20-40% increase in CPU load. This has massive implications for shared computing like servers, the cloud and other technologies like Docker. A co-worker of mine, Mick, wrote a great blog post on this: https://blog.securityinnovation.com/spectre-meltdown-vulnerabilities-cutting-to-the-chase
I’m still thinking a lot about AI/ML. The NYTimes ran an article where they were able to generate very convincing images of human faces. Google is using ML to generate very convincing human voices There have been some very convincing uses of ML to generate video as well. Put this all together and instead of convincing people that fake things are real it will be increasingly difficult to convince people the real things are real, or easier for these ML techniques to be a scapegoat for embarrassing leaks. (Forgot to turn your microphone off before you went to the bathroom? Blame ML) Here’s an AI/ML year in review: http://www.wildml.com/2017/12/ai-and-deep-learning-in-2017-a-year-in-review/
IoT is coming to town
Miessler and Schneier are blogging about two sides of the IoT coin. Schnier’s side is: IoT is scary, it’s everywhere, and all these giant companies want a piece of your personal, private life and they’re doing a bad job of privacy and security. This is totally true. Amazon, Google, MS, etc. don’t make these devices for fun, they make them for profit. However Miessler counters with the argument that fear mongering about IoT is hurting our progress to an inevitable future, which is also probably true.
As a security services company our job is to help our customers build a more secure IoT product so they can help mitigate their customer’s IoT fears so they can usher them into the future of IoT where everything is connected to everything else.
I like Daniel Miessler's comment a lot:
Yes folks—things are going to get nasty. The digitization of our lives through IoT will be a bumpy ride, and people will get hurt. We in InfoSec are on the front lines. We’re the technologists embracing this change first, as the inevitability that it is, and we’re doing our best to make the transition as safe as possible for you. - Miessler
Social monitoring and credit system
If you’re a Black Mirror Fan you may recognize this from Season 3 Episode 1. China is piloting an idea
From Wired - On June 14, 2014, the State Council of China published an ominous-sounding document called “Planning Outline for the Construction of a Social Credit System”. In the way of Chinese policy documents, it was a lengthy and rather dry affair, but it contained a radical idea. What if there was a national trust score that rated the kind of citizen you were?
Imagine a world where many of your daily activities were constantly monitored and evaluated: what you buy at the shops and online; where you are at any given time; who your friends are and how you interact with them; how many hours you spend watching content or playing video games; and what bills and taxes you pay (or not).
Somebody put together a list of vulnerabilities in Starwars. If you want to get a sense of how hackers see the world, this is a funny (but true) example: https://player.vimeo.com/video/148946917
Posted By: Joe Basirico