Showing posts with label made of win. Show all posts

Tuesday, May 5, 2026

Downstream prosperity

Via Chris Lynch, this is a very interesting post:

You’ve probably heard of the PayPal Mafia. When eBay bought PayPal in 2002 its founders took the money, scattered, and built the next generation of digital monopolies.

Peter Thiel founded Palantir and seeded Facebook. Reid Hoffman set up LinkedIn. Chad Hurley and Steve Chen started YouTube. Max Levchin founded Affirm.

Elon Musk—who had merged X.com into PayPal two years earlier—went a different direction. He took his payout and leased a small warehouse in the El Segundo area of LA.

He bolted a sign on the front that read “Space Exploration Technologies Corp.”

We all know where that's gone. 

Most people still think SpaceX is “just” a rocket company. But it’s actually a machine for producing world-class talent. A talented engineer takes a job at SpaceX, learns the Elon Musk “way” of solving impossible problems, then graduates as a force of nature ready to transform other industries.

After meeting dozens of SpaceX graduates in warehouses across LA, I’m convinced:

The SpaceX Mafia will create more wealth than the PayPal Mafia—possibly more than all of Silicon Valley combined.


If you can track only one alumni group in business today, this is the one. SpaceX is the new Harvard.

A hedge fund buddy of mine told me: “I’d pay real money for a database of ex-SpaceX employees.”

The article then goes on to list four companies founded by SpaceX alums - the "SpaceX Mafia" who are already solving really hard (and expensive) problems.  Only two are space companies. 

Highly, highly recommended.

Wednesday, March 4, 2026

Bravo Zulu, Coasties

A cruise ship got stuck in the ice off Antarctica, and the Coast Guard (by chance) had an icebreaker nearby.  Well done. 

Monday, December 22, 2025

All I want for Christmas

James emails this bit of awesome:


 

Wednesday, August 6, 2025

Are we winning the security war?

I was not really expecting this:

The surprising conclusion: there’s a long way to go, but we’re doing better than we think. There are substantial improvements across threat operations, threat ecosystem and organizations, and software vulnerabilities. Unfortunately, we’re still not seeing increases in consequence. And since cost imposition is leading to a survival-of-the-fittest contest, we’re stuck with perhaps fewer but fiercer predators. 

Something that feels different from 10 years ago is a much greater focus on security compliance: SOC2, ISO 27xxx, etc.  There's a lot more of this than there used to be, and this absolutely will help shut out the ankle biters and larval stage Bad Guys.  A second order effect of this is that the lack of success for these types will encourage some of them to drop out of the hacking biz.

Of course, SOC2 won't really help much with the top predators, but I've said for a long long time that you are unlikely to be able to secure yourself from the KGB (OK, OK, FSB). 

But all in all, this was unexpected good news. 

Monday, December 30, 2024

Security cats and dogs, living together

This was so full of win that it is in danger of collapsing into a Black Hole of win.

But let me give you some background about why.  Longtime readers know how I enjoy Christmas light displays that people put up at their houses.  As it turns out, Rob Joyce (the guy who led the NSA's attack team, TAO) is one of these people.  OK, cool - the Fed.Gov's chief h4X0r dude likes his light show.  So what?

Well, he went out to ShmooCon and gave a preso about how he did it. For those not in The Biz, ShmooCon is a very long running hacker convention - it's not at all corporate button-down.  Still has a whiff of the old school to it.

And so Joyce gave a talk about his Christmas lights there.


El Reg has an interview with him about this, which is a great read.  Here are my two favorite bits:

[Driving around looking at other people's displays] It was over the top and gaudy, and just really made me happy. I said "I think I could do that," meaning I have the technical chops to achieve it. And [Joyce's wife] said, "yes you can," and I took that as license to mean, "yes, you can do it." And so when boxes started arriving in the mail in February and March, she's like, "what the hell is this?"

I can totally hear The Queen Of The World saying those very same words to me ...

The Register: A senior person in the NSA ordering huge amounts of electronic equipment from China didn't set off any red flags?

Joyce: None of the compute comes from China, just the LED strings themselves. I would applaud somebody if they could supply chain that.

I do take a little more care in the control system itself. It's not connected to the internet and is a standalone network – because I do have friends who have interesting hobbies and would love to change my display and make it say some interesting things.

In this business you don't last very long - or rise very high - if you're not paranoid.

Highly, highly recommended - both the interview and the video.

Saturday, December 7, 2024

Coldplay - All My Love

The Queen Of The World pointed this out.  She sure finds all the good stuff.  This isn't really a Christmas song, but it's sure a song for the Christmas season.  Dick van Dyke reflecting on a life well lived.


"What is Love?"  Ah, this is one of the Great Questions.  The greatest minds have grappled with these questions throughout the ages.  But the Great Questions do not have answers - that is not their purpose.

What a great video.

Thursday, November 21, 2024

The Bad Guys are on a losing streak

Earlier this week we saw a bunch of Russian hackers sentenced to prison; now we see Interpol execute a massive takedown of multiple groups of Bad Guys:

Interpol is reporting a big win after a massive combined operation against online criminals made 41 arrests and seized hardware thought to be used for nefarious purposes.

Operation Synergia II – the follow up to the first Synergia raids that were announced in February – saw cops in 95 countries crack down on phishers, ransomware extortionists, and information thieves around the world. The operation was carried out in conjunction with the corporate world, specifically Group-IB, Trend Micro, Kaspersky and Team Cymru.

In addition to the arrests, Interpol revealed 65 people are still under investigation and claimed to have shuttered 22,000 IP addresses, taken control of 59 servers and 43 other computing devices.

Bravo Zulu, y'all.

Monday, November 18, 2024

Spasiba, tovarisch!

Wow:

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges.

Russian news publication Kommersant reported that a court in St. Petersburg found Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov guilty of illegal circulation of means of payment. Puzyrevsky and Khansvyarov have also been found guilty of using and distributing malware.

...

REvil, which was once one of the most prolific ransomware groups, was dismantled after Russia's Federal Security Service (FSB) announced arrests against several members in an unprecedented takedown.

They aren't just going to prison, they're going to a Russian prison.  More of this, please.

 

 

Friday, November 15, 2024

The good security news keeps rolling in

I don't remember a week of such good security news:

A 25-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake.

On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday.

...

In a statement on Moucka’s arrest, Mandiant said UNC5537 aka Alexander ‘Connor’ Moucka has proven to be one of the most consequential threat actors of 2024.

Too bad we can't send him to a Russian prison, nyet?

Saturday, September 28, 2024

Old tools are gold

So this guy has a hydraulic press and he runs both a 100 year old American sledge hammer and a new (Harbor Freight looking) Chinese one through it.  The old one was unscathed; the new one gets squished.

A sledge hammer gets squished. 

But then the guy restores the old one to like-new condition.  If you like old tools, this is 8 minutes worth your while.

Thursday, June 27, 2024

The Rat Bastards lose a privacy battle

Good:

One of the major data brokers engaged in the deeply alienating practice of selling detailed driver behavior data to insurers has shut down that business.

Verisk, which had collected data from cars made by General Motors, Honda, and Hyundai, has stopped receiving that data, according to The Record, a news site run by security firm Recorded Future. According to a statement provided to Privacy4Cars, and reported by The Record, Verisk will no longer provide a "Driving Behavior Data History Report" to insurers.

Skeptics have long assumed that car companies had at least some plan to monetize the rich data regularly sent from cars back to their manufacturers, or telematics. But a concrete example of this was reported by The New York Times' Kashmir Hill, in which drivers of GM vehicles were finding insurance more expensive, or impossible to acquire, because of the kinds of reports sent along the chain from GM to data brokers to insurers. Those who requested their collected data from the brokers found details of every trip they took: times, distances, and every "hard acceleration" or "hard braking event," among other data points.

You will no doubt be shocked to hear that car dealers "helped" customers opt-in, as part of getting their brand new vehicles ready for the road.

But it looks like the revenue from this didn't offset the bad PR and customer bad feelings associated with the program, and so they dropped it like a hot potato.

GM quickly announced a halt to data sharing in late March, days after the Times' reporting sparked considerable outcry. GM had been sending data to both Verisk and LexisNexis Risk Solutions, the latter of which is not signaling any kind of retreat from the telematics pipeline. LexisNexis' telematics page shows logos for carmakers Kia, Mitsubishi, and Subaru.

...

Disclosure of GM's stealthily authorized data sharing has sparked numerous lawsuits, investigations from California and Texas agencies, and interest from Congress and the Federal Trade Commission.

Act like a Rat Bastard, get treated like a Rat Bastard.

Monday, April 29, 2024

First ships leave port of Baltimore

Still a lot of work to do and restrictions on size and weather conditions, but good news from Baltimore.  

Thursday, April 18, 2024

The scaffolding is coming down on Notre Dame de Paris

This is pretty cool.  I think this is the first time I've linked to something from the "Today" show, but it is cool.

Monday, March 11, 2024

The Day Is Mine, Trebek

Borepatch 2, Air impact wrench Cletus 1.

I soaked it good with PB Blaster including underneath the housing that the bolt went into.  Let it soak overnight.  Got my strongest ratchet and c-a-r-e-f-u-l-l-y used the cheat bar.

Out it came.  Yay, me!

Thanks to everyone who left comments yesterday.  Still not happy that a one hour job turned into a whole day, but onward!

Wednesday, February 21, 2024

Law Enforcement takes down major ransomware site

This operation is pretty impressive:

Notorious ransomware gang LockBit's website has been taken over by law enforcement authorities, who claim they have disrupted the group's operations and will soon reveal the extent of an operation against the group.

...

But Europol has reportedly taken credit for shutting down LockBit, so perhaps Operation Cronos really has disrupted the gang’s operations.

If that's the case, this action will be welcome. LockBit is prolific and vicious: we've reported it attacking a children's hospital, Infosys, sandwich chain Subway, and many other attacks.

Reportedly there have been multiple arrests, data has been found that is expected to lead to more arrests, and multiple cryptocurrency accounts have been seized.  Eleven countries worked together on this, which is also impressive.

We will see how much impact this has, but LockBit is one of the biggest ransomware schemes out there.

And this isn't the only one of these takedowns in the last couple of months.  Well done.

 

Wednesday, January 31, 2024

A winter doldrums public service post

Over at Flares Into Darkness, there is a bunch of beach paintings.  Yeah, it looks exactly like that here right now.  Here's an example:


Go check them out.  This is a daily read for me.

Friday, January 26, 2024

Notre Dame de Paris on track for complete restoration later this year

This video is somewhat light on details but it's impressive just how many people are involved in the project.


This video is more in depth on what has happened over the last 90 days or so.

Sunday, January 14, 2024

Introducing The Queen Of The World

Michael left a comment to last night's post where I was off to sack Rome and TQOTW was a mermaid:

Show us your ugly mug but keep the mermaid for yourself?

Sigh, so uncivilized. LOL

Touche, Michael.  So with her permission, here she is as the Queen of the World:


And here is the mermaid:


Man, this web site has made us waste a lot of time on a Sunday morning.



Tuesday, January 2, 2024

More on the Herculaneum Scrolls

This is an excellent layman's introduction to what the big deal is about the Herculaneum Scrolls.  Short answer: it's a very big deal indeed.


This video gives background on why Herculaneum is such a unique site, and why the scrolls discovered there could only have been found there.  Highly, highly recommended.

Thursday, May 18, 2023

Bravo, Apple

Yes, the iPhone is a "Walled Garden" controlled by Apple.  But this is a benefit that you'd expect from a walled garden:

The Apple App Store supports more than 36 million registered Apple developers, but not all of those coding partners are benign. In a report on App Store safety this week, the computing giant noted that last year it booted nearly a half-million (428,000) developer accounts from the platform for carrying out fraud and abuse.

Apple said that in all, it prevented more than $2 billion in potentially fraudulent transactions in 2022, rejecting nearly 1.7 million app submissions for privacy violations, spammy or misleading features, or containing hidden or undocumented capabilities.

It also dismantled 282 million customer accounts for fraud and blocked nearly 105,000 Apple Developer Program enrollments for suspected malicious activities before they could submit apps to the App Store. And it detected and blocked more than 147 million fraudulent ratings and reviews.

This costs them money, but it keeps the App Store in better shape than the equivalent for Android which is stuffed to the gills with malware.  Well done, Apple.  Credit where credit is due.