The Cyber Why: What We Read This Week...
... and why you should too! (2/4/2023)
First off, I want to flash back to last week’s Cyber Why and thank the amazing Rick Holland for helping me pull together some awesome stories. Rick has a great view into sections of cybersecurity that I can’t see. He’s awesome. Make sure to say “hi” to him on Twitter.
In this week’s newsletter, the snark level is as high as ever and there are some really fun and interesting pieces to check out. Specifically, Lex Fridman’s interview with Andrej Karpathy, one of the top minds in AI, stands out as a must-watch. I also recommend you put some time into a reading of the flashback piece from 2008 entitled “The Six Dumbest Ideas in Computer Security”. Thinking critically about how cybersecurity actually works (or doesn’t work) is an exercise that we could all learn from.
2022 Cybersecurity Startups - Good or bad timing? (Richard Stiennon)
While I’m not sure about using headcount growth as a direct proxy for business growth, it is one of the underlying data points that can be semi-easily found and tracked. In this piece, Richard looks at the 2022 cybersecurity startups with the most momentum as measured by his proprietary tracking system. Click the link above to go to the full post that contains a longer, more detailed list.
Gather Round the Watering Hole, We have a story to tell (Permiso Blog)
Watering hole attacks are nothing new. Attackers have been executing them as long as I’ve been in cybersecurity (over 20 years). The only difference on this one is the distribution mechanism. I thought that Google Ads would have made sure there was no risk to the advertisement before pumping it out to the world at large. I guess that assumption was wrong.
You Really Need to Update Firefox and Android Right Now (Wired)
A list of January updates and security fixes provided by Wired. I’m sure this isn’t all-inclusive but I’m guessing it’s the ones that hold the biggest risk. Or at least the ones that the editors at Wired think are the biggest risks. Either way, there were lots of security findings in January that are worth digging into from a research perspective.
The Six Dumbest Ideas in Computer Security (Marcus Ranum)
I’m in a couple of old-school “hacker” Slack groups. This throwback piece came across my radar and the content felt rather provocative. At the time it was written, most if not all of the “dumb ideas” listed were considered orthogonal to what people felt was the “right” thing to do. The points were counterintuitive and the piece really did fire a lot of people up. Looking back at the article 18 years later provides new insights into what really might have been “right and wrong” back then. It’s a really cool read.
MrBeast helps thousands of people with eyesight issues see again (WNCT)
Who says influencers are a drain on society and can’t be helpful? I follow MrBeast closely because he lives near me and is always doing amazing things around the great Raleigh / Durham North Carolina area. This time, he found 1000 blind people and helped them get surgeries they needed to see again. Thanks, MrBeast (sorry though, but your burgers still suck)!
ChatGPT is Making Universities Rethink Plagiarism (Wired)
If it’s plagiarism to copy content from websites and Internet pages without attribution, isn’t ChatGPT fundamentally just plagiarising the same content? I mean it’s “smart enough” to have read the entire Internet and then summarize and be generative with what it writes and not give credit. Isn’t that simply the definition of plagiarism? All it’s really doing is regurgitating someone else’s research anyhow — I’m not sure I see the difference. Where do we draw the line?
Emerging 50 - VC’s Newest Fund Managers (Signature Block)
Ego-stroking awards concerns aside, this post by Signature Block enumerates the top 50 emerging venture capitalists. Almost all of these one- to two-person GP teams focus on pre-seed and seed rounds of funding. They say that the best investments are forged in the flames of a down market. Well, here we are! Which one of these firms will emerge to be the next top winner? Time will tell.
Andrej Karpathy on The Lex Fridman Podcast (Lex Fridman)
The former director of AI at Tesla, a founding member of OpenAI, and an educator at Stanford, Andrej Karpathy is one of the top AI leaders in the world today. Lex Fridman is one of my favorite interview-based podcasters on YouTube. When you get these two together, the discussion is incredible! I highly recommend you view this if you have even a passing interest in the future of AI. tl;dr sentient beings are coming eventually!
Frankly Speaking - How Palo Alto Networks Fails (Frank Wang)
I’ve featured posts from Frank Wang in The Cyber Why before. He provides great analysis and is fantastic with his hypotheticals. This piece is a hypothetical on how PAN might possibly fail. I loved the playbook that PAN ran in the 2018-2021 window. They knew their weaknesses and shored them up using very low-cost capital. The big question now is: can that trend continue for them in a tighter macroeconomic environment? How does PAN compete against high-flying Wiz and other modern SaaS cloud-native security offerings? Time will tell!
If you’ve made it this far you either found my musings at least semi-entertaining OR you enjoy the pain and kept going regardless. No matter how you made it to this point, you should know that I appreciate you. Please do me a solid and share The Cyber Why with your friends. I would love to reach a bigger audience and referrals are how I’ll do it. Help me out and I’ll see you next week!