The Cyber Why: What We Read This Week...
... and why you should too! (1/13/2023)
It feels so weird to type the numbers “2023”, but here we are. Halfway through the first month of the new year and we’ve already seen some really interesting content. Here’s to a great new year! This week in The Cyber Why we cover AI in defensive and offensive cyber security, how to find live AWS keys en masse in public code, learn how a college senior wrote a system to sniff out AI-generated text, and finally we completely rip apart every automobile manufacturer on the planet. Crazy!
Before you jump into the content, let me say how excited I am to be writing The Cyber Why this week. Thanks to support from you and fellow content creators, we are very close to passing 1K subscribers. I only started The Cyber Why on November 1st, 2022, so the growth is crazy fast! Please remember to tell your friends, tweet us, and share us on any social media. We appreciate you!
It’s time to settle in, grab a beer (or two) and get to reading. Have a great week!
Defensive vs. Offensive AI: Why security teams are losing the AI war (VentureBeat)
As long as I have been in cyber security, offensive and defensive techniques have been two sides of the same coin. There are experts that spend their entire careers on one of these sides, never really experiencing what it’s like on the flip side. It’s going to be fun to watch as AI and ML will have to tackle both sides of this proverbial coin to succeed. This is one of the top articles of the week, discussing both threats and defenses using AI-backed systems in modern enterprise environments. If you read one article this week, this is it!
Game of Thrones in cybersecurity: data gravity, industry consolidation, platform play, private equity, and the great cyber gold rush (Venture In Security)
(Even the title is LONG!) Ross, buddy, this is a masterpiece of analysis. Seriously, it is, but I couldn’t get through it all in one, two, or even three sittings! This tome of top-tier journalism clocks in at over 7K words and 44K characters. Sorry to admit, but I had to skim this one. If you enjoy deep analysis of markets, consolidation, cybersecurity futures, and venture investment, this is a must-read. Just be ready to set aside some time, as it’s a beast. I plan to read it in detail on my flight to Vegas next week!
Researchers discover critical vulnerabilities in Ferrari, BMW, Toyota, and other automotive giants (Cybernews)
I could have sworn I covered this one last week, as it was released on January 3rd, however it doesn’t look like I actually did! This is a crazy interesting hack. Sam Curry and a crew of other web application security researchers disclosed a group of vulnerabilities, including one in a system used by AT&T that could disable hundreds of millions of SIM cards installed in Tesla, Subaru, Toyota, and Mazda vehicles. But they didn’t stop there! After the discovery of their first flaws they proceeded to completely decimate the entire automobile industry with flaws that allowed complete takeover of any vehicle, including police cars and ambulances. The further down the rabbit hole they went, the more they ripped up everything they touched. Check out this article for a detailed list of the issues they found. It’s well worth the technical deep dive!
How Founders Should Approach The Coming Wave Of M&A Deals (Crunchbase)
Not really too deep an article, but I wanted to put it here for any of my subscribers who are founders struggling right now with the decision of when or how to sell their company. It’s not easy. There are a lot of things to consider, and this article gives you a few different ideas to think about. Don’t rely on a random inbound inquiry about an acquisition happening. Get proactive, build relationships, and make sure you know where your exits are when it’s time to run. As the author says, returning capital to the investors in a professional way via a well-timed M&A can help you set up for your next adventure!
I scanned every package on PyPi and found 57 live AWS keys (tomforb.es)
This looks as if it is becoming a weekly occurrence. If you take the time to look through publicly posted code, you quickly find out that developers still don’t understand how to keep their keys secure. You’d think it would be easy… but I guess not. Check out the research done by Tom Forbes, who decided to scan every single package on PyPi and found over 50 live AWS keys that he could steal. When will the world stop trying to hide things in plain sight?
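The flip side of that research is the check every maintainer should run before hitting upload. What follows is an added example written for this newsletter, not Tom Forbes’s scanner and not anything from PyPI: it walks a directory (the unpacked sdist or wheel you are about to publish), flags the AWS access key ID shape (AKIA/ASIA plus 16 uppercase alphanumerics) and a 40-character secret assigned to a variable named like a secret key, and reports masked values so the report is not itself a leak. The sample package it scans is constructed inline with the public AWS documentation example values; the key ID is made up.

```python
"""Pre-publish secret scan: flag AWS credential patterns in a source tree.

Added example, not Tom Forbes's scanner. Same idea, used defensively:
run it over your own package before uploading so a live key never ships.
"""
import os
import re
import tempfile
from typing import List, NamedTuple

# AWS access key IDs are 20 chars: a 4-char prefix (AKIA = long-term user key,
# ASIA = temporary STS key) followed by 16 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Secret access keys are 40 chars of base64-ish text. Alone that pattern is
# noisy, so a hit is only reported when the value is assigned to a name that
# says "secret" (aws_secret_access_key, AWS_SECRET_KEY, secretAccessKey ...).
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_?)?secret(?:_?access)?_?key\W{0,5}([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv"}
MAX_BYTES = 2 * 1024 * 1024  # skip large binaries and data files


class Finding(NamedTuple):
    path: str
    line: int
    kind: str    # "access_key_id" or "secret_access_key"
    masked: str  # enough to recognise the key, never the whole value


def mask(value: str) -> str:
    """Keep the first 4 and last 4 characters so the report does not re-leak the key."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text: str, path: str = "<memory>") -> List[Finding]:
    """Scan one file's contents line by line and return every credential hit."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding(path, lineno, "access_key_id", mask(m.group(1))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append(Finding(path, lineno, "secret_access_key", mask(m.group(1))))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Walk a directory tree (e.g. the unpacked sdist or wheel about to be uploaded)."""
    findings: List[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.getsize(full) > MAX_BYTES:
                continue
            with open(full, "rb") as fh:
                text = fh.read().decode("utf-8", errors="replace")
            findings.extend(scan_text(text, os.path.relpath(full, root)))
    return findings


def build_sample_package() -> str:
    """Write a constructed mini-package with one leaked key pair; return its path."""
    root = tempfile.mkdtemp(prefix="pkg_")
    os.makedirs(os.path.join(root, "mypkg"))
    # Constructed values: a made-up AKIA id and the AWS docs' example secret.
    with open(os.path.join(root, "mypkg", "settings.py"), "w") as fh:
        fh.write(
            "DEBUG = True\n"
            "AWS_ACCESS_KEY_ID = 'AKIAEXAMPLEEXAMPLE12'\n"
            "AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n"
        )
    with open(os.path.join(root, "README.md"), "w") as fh:
        fh.write("# mypkg\nNothing to see here.\n")
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_package()):
        print(f"{f.path}:{f.line} {f.kind} {f.masked}")
```

Wire `scan_tree` into the release job so a non-empty result fails the build, and treat any hit as a key to rotate rather than a file to delete: once it has been pushed anywhere public, the value is burned regardless of whether the next upload still contains it.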
Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure. (The Record)
It’s always so hard to tell if a story is real when the content or research originates from a country that has strict control over its media as a propaganda engine. This time around, Chinese researchers are claiming to have hacked 2048-bit RSA encryption using a quantum computer. I’m not sure who to believe on this one, but if history repeats itself (and it usually does), there’s likely fire where this smoke is coming from.
Inside the Structure of OpenAI’s Looming New Investment From Microsoft and VCs (Fortune)
I know this post is behind a paywall, but it’s worth checking out if you can. The design of the OpenAI deal is extremely unique and like nothing I’ve ever heard of. Apparently MS is investing $10B in OpenAI, valuing the company at around $29B. What makes this interesting is that MS will reportedly get a 75% share of OpenAI’s profits until it makes back the investment, and from that point forward would get a 49% stake in OpenAI. Here’s a non-paywall link with some additional datapoints. I grabbed the infographic from Twitter that helps give a bit more color on the structure. OpenAI is intended to be a nonprofit when everything is said and done. It’s going to be very interesting to see how a return on investment actually occurs in the next decade as AI becomes a dominant factor in our daily lives.
MrBeast: Future of YouTube, Twitter, TikTok, and Instagram (Lex Fridman Podcast)
MrBeast is the most subscribed YouTube channel on the planet, and Lex Fridman is one of the more interesting and professional interviewers on YouTube. When these two get together on a 2+ hour podcast, the discussion is amazing. Lex Fridman has recently come under fire from Nassim Nicholas Taleb for inflating his expertise and being a grifter (reddit). I honestly don’t care about Lex’s background. The interview is fun and interesting and is well worth the watch!
What ChatGPT Means for the Future of Startup Funding (Data Driven VC #18)
The author of this article, Andre Retterath, who is also a partner at Earlybird Venture Capital, had some very well-informed opinions about the impact of AI, and more specifically ChatGPT, on the sourcing of deals in the venture world. He claims that augmented VC will help with efficiency, effectiveness and inclusiveness. While I can get behind efficiency and efficacy, I am not sure how this will help remove biases in the system. Wouldn’t the learning system bias toward what has worked in the past, as opposed to looking for unique and innovative ways of doing something new in the future? I am definitely not saying that a lack of inclusiveness is good, but it has been a massive bias over the history of VC and has still provided strong results. Wouldn’t an AI system look to optimize for results based on historical data? Innovation and creativity aren’t really the forte of AI. (Please debate and prove me wrong in the chat!)
A College Kid Built an App That Sniffs Out Text Penned by AI (The Daily Beast)
Do humans deserve, or have a right, to know when something has been created by a human vs. by AI? That’s the fundamental question posed by Edward Tian, a senior at Princeton University, after his GPTZero program went viral. He claims the system is able to accurately and quickly determine if a piece of text was written by the AI authoring system ChatGPT. He even put up a demo video where he uses real text and compares the output scores to the scores from AI-based content. I’m really interested in the ethical question of the right or need to know that something was AI-generated. While it might be important now, is there a future where AI writes and creates in such a way that the value derived from the output is as strong as or stronger than human-created work?
SBC (stock based compensation) spreadsheet (Jonah Lupton)
Stock-based compensation is a black box for most employees. They hear a number of shares, they ask for more during negotiation for their new job, and that’s it. They vest from there. Maybe they win the lottery and maybe they don’t. I came across this piece by Jonah Lupton that has a number of great links in it to help you understand stock-based compensation better. The story also links a large amount of researched data that Jonah collected around the stock-based compensation model in commonly known technology companies.
If you’ve made it this far, you either found my musings at least semi-entertaining OR you enjoy pain and kept going regardless. No matter how you made it to this point, you should know that I appreciate you. Please do me a solid and share The Cyber Why with your friends. I would love to reach a bigger audience, and referrals are how I’ll do it. Help me out and I’ll see you next week!