The Cyber Why: What We Read This Week...
... and why you should too! (3/28/24)
TCW is back at it again. We are here to be the Sunny Delight on your otherwise dreary day. In this week’s TCW we discuss a new term - “AI Washing”, detail a path to becoming a Cyber Ninja, have a sober moment discussing online gambling’s impact on the average American, detail what makes up modern application security (hint: it’s not *AST), and for our story #5 we bring you an article that tracks down the fate of the girl who turned orange! PHEW... that’s a lot... get to the reading, and we hope you have a wonderful Easter weekend!
Featured Sponsor - Traceable.AI
API Masterclass Episode 4 is LAUNCHED!
Do you love the idea of robbing a bank? Good news: you can, totally ethically. Join Traceable for the next live API Security Masterclass. We’ll cover an introduction to APIs, what kinds of vulnerabilities exist, how you can find them, and how you can test your own APIs. Whether you’re on the blue team and trying to understand threats, a hacker new to APIs, or a developer trying to better understand how your code can go wrong, these live classes will tell you everything you need to know. And don’t leave it on in the background; these are interactive sessions, so you can get the most out of them! Join Episode 4, or go back to Episode 1 to get caught up!
I’m a Techno-Pragmatist!
The Age of AI BS (Business Insider)
At what point is an “AI-enabled product” worthy of being described as an “AI-enabled product”? Many business leaders and product creators are waxing poetic about the AI-enabled capabilities of their latest launches when their product is no more AI-enabled than a crowdsourced Mechanical Turk-based system fast-firing responses with a rapid Google search. The Securities and Exchange Commission’s chair, Gary Gensler, recently described the term “AI washing”, which is when companies give off a false impression that they are using AI in an attempt to amp up investors. At this point, there are more AI companies than you can count, and they are all claiming to be the next innovation that will change the world. Are we in the dot-com bubble 2.0, where people drink the Kool-Aid only to find out later that the metaverse is total bullshit? I don’t think so, but I also don’t think that we will see such a rapid change that our day-to-day lives materially change in the next two to three years. The result is somewhere between techno-optimism and techno-pessimism. Maybe you can call me a techno-pragmatist. Show me where the money is being made and I’ll believe the hype.
Train with CISA — Become a Cyber Ninja.
Apply Now to the Federal Cyber Defense Skilling Academy (CISA website)
(Katie pick) Since its inception, CISA has been diligently providing information and advice to the cybersecurity community. The agency has provided intensive, three-month-long training since 2019. The catch — in an effort to attract more people to the understaffed field, it was designed for Federal employees without a background in IT.
Recently, the agency opened up training to all federal employees, regardless of experience or skill level. At the end of the course, students will receive a voucher to take the CompTIA Security+ exam. Courses are offered starting in April 2024.
This is a great opportunity to bring would-be employees into the field, or for anyone in the Fed with cyber experience to get a refresh. And it’s all at no cost! But you will have to take a leave of absence, since this is a full-time, forty-hours-per-week program. That might seem like a vacation for current practitioners <GRIN>, so get to it!
Will Gambling Kill America? You Can Bet On It!
America Has Become A Society Of Gamblers (The Pomp Letter)
My state of residency, North Carolina, recently passed laws that legalized sports betting, causing every ad I see to be overrun by sports betting content. Being a bit of a gambling man myself, I took to the betting apps and have had a little bit of fun in the last couple of weeks. However, I’m not going to sit here, in a chair built of hypocrisy, and tell you that everything will be OK. I’m worried that it won’t be, and this interesting article by Anthony Pompliano puts a fine point on what happens when the risk of gambling becomes less of a problem than the current state of the world around us.
Once hope is lost, the gambler’s mindset takes over. So what if they lose a little money on a 100:1 odds bet? The alternative is a life of debt and financial pressure. … Gambling gives people hope in a broken economy.
I am worried that much of the United States will end up with a very severe gambling problem that will cost significant money to help fix in the long haul. An entire generation of people is now being born into the belief that their future should hinge on the successful purchase of a lotto ticket as they continue to plow their money into short-term stock options, meme coins, and sports betting apps instead of value investing, index funds, ETFs, and other tried and true methods of wealth accumulation.
Singles and doubles have created many millionaires. Home run swings lead to many strike outs. But this data doesn’t matter when people have lost hope.
Modern Era AppSec - More Than Just *AST.
A Deep Dive Into The Cloud & Application Security Ecosystem (The Software Analyst Newsletter)
I have literally been in the application security world since the late 1900s (yes, I made that joke). I have seen the birth, maturity, and eventual slowdown of every application security point solution and platform in existence. And just when I think I have a good handle on the definitions, I realize that the cyber world has passed me by, and application security is no longer the old SAST, DAST, SCA combo platter that it once was. I mean... well... it still IS those things, but it’s a lot more as well.
This article is a really interesting piece that opened my eyes to how intertwined and directly connected the cloud, vulnerability management, application security, pipeline, developer, and runtime protection technologies have to be if you want to have a chance at stopping attacks and finding issues before they are exploited in the wild. If you are at all interested in expanding your view into what makes the protection of your systems possible, take a look at this piece by The Software Analyst Newsletter.
What Rhymes with ORANGE… SunnyD!
Did SunnyD really turn a girl orange? (The Hustle)
For this week’s TCW Story #5 we read an article that uncovers the mind-boggling story of the girl who turned orange by drinking too much Sunny Delight (SunnyD). If you were a child in the 1980s or 1990s, you most certainly will remember that amazing orange-flavored drink that quenched your thirst on a hot summer afternoon. The stuff was amazing and only slightly less tasty than its bigger and better cousin, Kool-Aid. SunnyD was one of the most important drinks for an entire generation of children - and it was supposedly GOOD for you! Until it wasn’t...
A story went viral about a girl in South Wales who drank too much SunnyD and turned herself orange. That’s INSANE, you say! That could NEVER happen from drinking too much sunshine-flavored juice! At first, I agreed - and then I read this article. The Hustle took the time to track down the original doctor who claimed on medical record that he indeed found a girl who had turned orange from too much SunnyD consumption. His revelation may shock you... give this fun one a read!
Quick Hits and Hidden Gems
Millions of Americans caught up in Chinese hacking plot - US (BBC) - Tracking enabled emails, home router exploits, and mayhem from China. No surprise here.
Unveiling the Art of Mastering Vulnerability Management in Cybersecurity (CISO Tradecraft) - Vulnerability management is just tracking issues, right? There’s WAY more to a successful program than first meets the eye.
Sam Bankman-Fried gets 25 years: Where will he serve his sentence? (Fox Business) - Hopefully, the answer is a hard dark dank federal prison!
CFOs Tackle Thorny Calculus on Gen AI: What’s the Return on Investment? (WSJ) - ROI is always a key metric for any business initiative. Even AI!
tl;dr sec now has over 50,000 subscribers! (X @clintgibler) - One of the OG cyber newsletter creators hits 50K subs. Holy shit. Congratulations Clint! SUB HERE.
Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (Bleeping Computer) - To think, I used to do exploit development at one point in my career. Who knew it could ever be this lucrative?
Why It’s Hard to Generate a 10X Return on a Startup Investment? (Venture Curator) - For those that like to learn about VC math.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!
Thanks so much, guys, for the feature!