This document contains a collection of URLs and short passages on various cybersecurity and technology topics. Key points include that North Korea was publicly attributed to the Sony hack by the FBI, biometric authentication is being used for mobile payments in Europe, and AI technology can be used to generate fake videos. It also discusses privacy and security issues related to fitness tracking apps revealing locations of military bases, and how usability impacts security as smart home devices could enable domestic abuse.

1. The PDF is in ‘notes’ view because there are lots of URLS in the 2nd half.
1

2. 2

3. Kim Yong Chol, former NK military intel chief, FBI has publicly attributed break in to
NK https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation
3

4. https://www.youtube.com/watch?v=EmBneh0oy7E
5

5. 6

6. 7

7. 8

8. * Now if you include IoT which fails to compile with modern defenses.
9

9. New attackers are covered in Tampering, EoP and Conflict
10

10. Explicitly not “the way to threat model is”
11

11. 12

12. 13

13. 14

14. 15

15. https://twitter.com/evacide/status/878695077085708288
17

16. 18

17. 19

18. 20

19. 21

20. 22

21. Discussion and dialog, Allspaw’s Kitchen Soap blog
23

22. 24

23. 25

24. 26

25. 28

26. 29

27. 30

28. https://techcrunch.com/2016/10/04/mastercard-launches-its-selfie-pay-biometric-
authentication-app-in-europe/
https://darkwebnews.com/dark-web/selfie-darknet-sale/
https://arxiv.org/pdf/1803.04683.pdf
31

29. https://www.theverge.com/tldr/2018/4/17/17247334/ai-fake-news-video-barack-
obama-jordan-peele-buzzfeed
32

30. 33

31. https://www.theverge.com/tldr/2018/4/17/17247334/ai-fake-news-video-barack-
obama-jordan-peele-buzzfeed
34

32. https://www.theregister.co.uk/2018/06/15/taplock_broken_screwdriver/
35

33. http://www.iflscience.com/plants-and-animals/migrating-stork-racks-up-2700-on-
researchers-cell-phone-bill/
36

34. https://www.defense.gov/News/Article/Article/1594486/new-policy-prohibits-gps-
tracking-in-deployed-settings/
https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-
location-of-secret-us-army-bases
https://www.bellingcat.com/resources/articles/2018/07/08/strava-polar-revealing-
homes-soldiers-spies/
37

35. 38

36. https://www.eetimes.com/document.asp?doc_id=1333308
39

37. Stress how usability again becomes a security property, and how hard configuration
can be to understand.
https://www.nytimes.com/2018/06/23/technology/smart-home-devices-domestic-
abuse.html
https://threatpost.com/rowhammer-variant-rampage-targets-android-devices-all-
over-again/133198/
40

38. SSH auth forwarding still rocks by default J
41

39. 42

40. Paul Pols
43

41. More complex code, more bugs goes back to the intro to the 1st ed of firewalls &
Internet security by Cheswick & Bellovin
44

42. Conflict
Countries & “Non-state actors” with geopolitical goals
Between groups
Between people
”non-state actors” like ISIS
45

43. Note the technical choices: create an interstitial; review (rather than delay) reviews;
explain what a good review is
https://www.yelp.com/biz/the-red-hen-lexington-3
https://www.nbcwashington.com/news/local/Wrong-Red-Hen-DC-Restaurant-
Getting-Death-Threats-After-Spot-With-Same-Name-Booted-Sarah-Huckabee-
Sanders-486500061.html
46

44. 48

45. https://www.levendowski.net/conflict-modeling
http://achangeiscoming.net/2017/04/15/transforming-tech-diversity-friendly-
software/
50

46. Here’s a more structured example. What are some of the ways an harasser could
attack somebody?
Original:
https://docs.google.com/presentation/d/1JB3bTbJvjEypKlPu1JKV20Oz9YlF5zRCl3vLIP
dDTrA/edit#slide=id.g2073602466_0_0

47. 52

48. https://splinternews.com/how-nextdoor-reduced-racist-posts-by-75-1793861389
https://blog.nextdoor.com/2016/08/24/reducing-racial-profiling-on-nextdoor/
53

49. 54

50. 56

51. 57

52. 58

53. 59