What to watch this weekend.Credit: Netflix / AmazonWelcome back, weekend warriors. Its another cold and wintry weekend here in the mountains. It appears the weather gods have deemed autumn unworthy and prefer to skip the season altogether. I wasnt ready for snow, but what can you do?Well, one reasonably decent idea is simply stay indoors! Get comfy on the couch with friends and family and stream some of the new releases out this weekend. To be fair, its a bit of a slow weekend but that doesnt mean there isnt anything worth watching. In fact, one of my most-anticipated TV shows of 2024 comes out on Saturday.Check out last weeks streaming guide right here.Alright, lets dive right in!Whats New This WeekendMORE FOR YOUArcane Season 2 (Netflix)One of my all-time favorite Netflix shows is Riot Games Arcane based on the video game League of Legends. The really great thing about this video game adaptation is that you need absolutely zero knowledge of the game to enjoy it, which is good because Im really not a League fan at all. But I love this show! Complex characters, great voice-acting, gorgeous animation, a thrilling plot filled with magic, action and adventure and deeply personal conflictswhats not to love? The first three episodes of Season 2 air Saturday with three more the next two weekends. This is the final season of this show, unfortunately. Its also the most expensive animated show ever made. Wild! (This is not a kid cartoon either, its decidedly for older viewers).Countdown: Paul vs Tyson (Netflix)Ill be totally honest here: I really dont care about a boxing match between YouTuber Jake Paul and former heavyweight champion, Mike Tyson. Its just a weird, reality-TV-ish thing that rubs me all the wrong ways. Tyson is old. Jake Paul is . . . well, the less we say about him the better. Shouldnt he be fighting someone his own age, at least? In any case, the big fight isnt until next weekend but Netflix released this three-part docuseries to give viewers a behind-the-scenes look at the fighters as they prep for the big fight.Citadel: Honey Bunny (Prime Video)Prime Video is taking an interesting approach to its Citadel franchise. The first seriessimply called Citadelwas an American spy show and really kind of bombed with critics, doing only slightly better with audiences. I have to confess, I only watched an episode. Maybe Ill revisit it sometime. Then came Citadel: Diana which was Italian, both in setting and language. Now Citadel: Honey Bunny is set in India. This is a genuine globe-trotting spy series at this point, and I think thats actually pretty clever. Both the spinoffs have fared much better with critics, so give this a shot if you dont mind dubs or subtitles.Santa Tell Me (Peacock)Its not Christmas yet, but dont tell that to Peacock. The streamer has a ton of Christmas stuff out this month, and a new Hallmark Channel movie for those of you who are into that kind of thing. The Erin Krakow-starring movie comes to Peacock on Sunday, and follows the story of a woman choosing between three suitors, all of whom are named Nick (I guess theres a Saint Nick thing going on maybe). Not my cup of tea, but lots of people love this stuff, and as I always say: To each their own! May the best Nick win . . . .Streaming WeeklyThe herd has been thinned considerably over the last two weeks when it comes to ongoing series that Ive been following. Agatha All Along ended the week before last with a great season finale. I really enjoyed the Only Murders In The Building season finale that week also.We also got the season finale for Peacocks Teacup and I wrote my Season 1 review for that show. I definitely recommend it especially if youre a fan of the classic horror movie The Thing. The Walking Dead: Daryl Dixons second season also ended, though with a whimper rather than a bang. What a shame.There are still a few shows out there to check out, however. Well start with . . . .Shrinking Season 2 (Apple TV)I burned through the first season of Shrinking (having not watched it when it first came out) and am still catching up on Season 2. Its really great, though I think the first season was stronger overall. Thats not really a complaint so much as an observation. I love the characters and they have so many great moments together as they hash out their differences. Its super relatable in a lot of ways. I just hope they dont drag it out beyond its natural arc a la Ted Lasso. New episodes drop Tuesdays on Apple TV.The Penguin (HBO / Max)Im not recapping each week of The Penguin but I do need to write about it again soon because Im genuinely enjoying it . . . for the most part. I have to admit that the most recent episode had a couple weird bits that I found a little jarring, but I can forgive some missteps when everything else is so good. Colin Farrell is fantastic as Oz Cobb, but its Cristin Miliotis sublime performance as Sofia Falcone that really steals the show. New episodes land Sundays on HBO and Max.FROM (MGM)While Ive mostly enjoyed FROMs third season, I have to say that last Sundays episode was a real stinker. I hope things pick up for the rest of the season. I still highly recommend this show to anyone who enjoys horror or old fans of Lost looking for something similar. Its dark and mysterious and a lot of funand even though its far from perfect, Im always excited for each new episode. New episodes air on Sundays on MGM+ which you can subscribe to via Prime Video.Sweetpea (Starz)I just realized that Im at least onemaybe twoepisodes behind on Sweetpea. Ive been super busy and even though my workload in terms of shows has gone down, Ive been doing more video game stuff and just . . . life. You know how it goes. I need to catch up, though, because the Ella Purnell-led drama about a burgeoning serial killer is deliciously dark. New episodes land on Fridays on Starz. Read my thoughts on the series here.What did I miss? Are you watching anything good these days? Let me know on Twitter, Instagram or Facebook. Also be sure to subscribe to my YouTube channel and follow me here on this blog. Sign up for my newsletter for more reviews and commentary on entertainment and culture.Further Reading From Yours TrulyIts been a pretty crazy week what with the election. However you voted, whatever your opinions on the outcome, hang in there and remember: Be excellent to each other. Even though its really damn hard sometimes.What are you watching? Let me know on Twitter, Instagram or Facebook. Also be sure to subscribe to my YouTube channel and follow me here on this blog. Sign up for my newsletter for more reviews and commentary on entertainment and culture.

LAS VEGAS, NEVADA - SEPTEMBER 14: (L-R) Jon Jones and Alex Pereira attend the UFC 306 at Riyadh ... [+] Season Noche UFC event at Sphere on September 14, 2024 in Las Vegas, Nevada. (Photo by Jeff Bottari/Zuffa LLC)Zuffa LLCIn a recent interview with long-time combat sports journalist Kevin Iole, Jon Jones said that if he beats Stipe Miocic on November 16 in the main event of UFC 309, hes probably not going to fight the interim champion, Tom Aspinall.At 37 years old, Jones is nearing the end of a Hall-of-Fame career.He is almost universally considered the greatest MMA fighter of all time. Like other greats in boxing, Jones is inclined to chase fights with other big names and legends that offer more proverbial legacy points and large paydays.Jones has repeatedly said he is interested in fighting current light heavyweight champion Alex Pereira.Predictably, Jones stance caused a massive reaction throughout the MMA community. Many, including former UFC middleweight champion Michael Bisping, have called for Jones to be stripped if he refuses to fight Aspinall.Tom Aspinall during the Heavyweight fight at the Co-op Live Arena, Manchester. Picture date: ... [+] Saturday July 27, 2024. (Photo by Richard Sellers/PA Images via Getty Images)PA Images via Getty ImagesJones has a point, and so do his critics.I cannot blame Jones for trying to maximize his earning potential and build his legacy for the fights he has left in the sport. He knows there is an expiration date on every fighters career.MORE FOR YOUEach fighter has four significant tasks during their careers: have as much success as they can to establish a legacy, make as much money as possible during the process, leave the sport with the mental and physical faculties to enjoy retirement, and continue to earn post fighting.Its not easy, but the concept is straightforward. Jones seemingly thinks about all these things, but his desire to face Pereira more than Aspinall leans into the first two tasks. Pereira is a bigger name than Aspinall.A pay-per-view with that fight as the main event will probably sell more than one headlined by Jones and Aspinall. Therefore, Jones will almost certainly make more money fighting Pereira.From there, Jones critics win all the points.Tom Aspinall left with Daniel Cormier after he beats Curtis Blaydes (not Pictured) in round one ... [+] during the Heavyweight bout at the Co-op Live Arena, Manchester. Picture date: Saturday July 27, 2024. (Photo by Richard Sellers/PA Images via Getty Images)PA Images via Getty ImagesJones has said Aspinall hasnt done enough to deserve to fight him. That could be true, but he has done enough to be the most deserving fighter for a shot at the UFC heavyweight championship.Because Jones is the champion and holding UFC titles requires said fighter to defend their belt against the top challengers, Bones should be willing to face Aspinall.Former UFC womens featherweight champion and recent retiree Germaine de Ramdamie was stripped of her title for failing to accept fights with the top contenders in her weight class. If Jones is the champion, he has to defend it against the No. 1 contender or interim champion.There is no real way around it.That said, Jones didnt tell Iole that he would be determined to hold on to the heavyweight title when or if he faced Pereira. That is likely his wish, but Jones is an intelligent man.He knows that there is a chance he could be stripped if he doesnt fight Aspinall next.UFC President Dana White has been nudging the winner in that direction for weeks. White has said on several occasions that he believes the winner of Jones-Miocic will fight Aspinall next.LAS VEGAS, NEVADA - APRIL 13: UFC CEO Dana White attends the UFC 300 event at T-Mobile Arena on ... [+] April 13, 2024 in Las Vegas, Nevada. (Photo by Chris Unger/Zuffa LLC via Getty Images)Zuffa LLC via Getty ImagesLike Jones, White is also an intelligent man. He knows there is a chance Jones could refuse. Jones has made great money in his career and will collect another substantial payday on November 16.Jones doesnt technically need the UFC anymore or the validation of its titleespecially if he beats Miocic. He would be stripped and free to pursue a fight with Pereira. If that happenswin or losePereira could make his push toward becoming the heavyweight champion.Everyone would win in this scenario, which is probably why it wont happen.

When Donald Trump was last President, ChatGPT had not yet been launched. Now, as he prepares to return to the White House after defeating Vice President Kamala Harris in the 2024 election, the artificial intelligence landscape looks quite different. AI systems are advancing so rapidly that some leading executives of AI companies, such as Anthropic CEO Dario Amodei and Elon Musk, the Tesla CEO and a prominent Trump backer, believe AI may become smarter than humans by 2026. Others offer a more general timeframe. In an essay published in September, OpenAI CEO Sam Altman said, It is possible that we will have superintelligence in a few thousand days, but also noted that it may take longer. Meanwhile, Meta CEO Mark Zuckerberg sees the arrival of these systems as more of a gradual process rather than a single moment.Either way, such advances could have far-reaching implications for national security, the economy, and the global balance of power.Trumps own pronouncements on AI have fluctuated between awe and apprehension. In a JuneLogan Pauls Impaulsive podcast, hedescribed AI as a superpower and called its capabilities alarming. And like many in Washington, he views the technology through the lens of competition with China, which he sees as the primary threat in the race to build advanced AI. Yet even his closest allies are divided on how to govern the technology: Musk has long voiced concerns about AIs existential risks, while J.D. Vance, Trump's Vice President, sees such warnings from industry as a ploy to usher regulations that would entrench the tech incumbents. These divisions among Trump's confidants hint at the competing pressures that will shape AI policy during Trumps second term.Undoing Bidens AI legacyTrumps first major AIJoe Bidens Executive Order on AI. The sweeping order, signed in October 2023, sought to address threats the technology could pose to civil rights, privacy, and national security, while promoting innovation, competition, and the use of AI for public services. Trump promised to repeal the Executive Order on the campaign trail in December 2023, and this position was reaffirmed in the Republican Party platform in July, which criticized the executive order for hindering innovation and imposing radical leftwing ideas on the technologys development.Sections of the Executive Order which focus on racial discrimination or inequality are not as much Trumps style, says Dan Hendrycks, executive and research director of the Center for AI Safety. While experts have criticized any rollback of bias protections, Hendrycks says the Trump Administration may preserve other aspects of Biden's approach. I think there's stuff in [the Executive Order] that's very bipartisan, and then there's some other stuff that's more specifically Democrat-flavored, Hendrycks says.It would not surprise me if a Trump executive order on AI maintained or even expanded on some of the core national security provisions within the Biden Executive Order, building on what the Department of Homeland Security has done for evaluating cybersecurity, biological, and radiological risks associated with AI, says Samuel Hammond, a senior economist at the Foundation for American Innovation, a technology-focused think tank.The fate of the U.S. AI Safety Institute (AISI), an institution created last November by the Biden Administration to lead the government's efforts on AI safety, also remains uncertain. In August, the AISI signed agreements with OpenAI and Anthropic to formally collaborate on AI safety research, and on the testing and evaluation of new models. Almost certainly, the AI Safety Institute is viewed as an inhibitor to innovation, which doesn't necessarily align with the rest of what appears to be Trump's tech and AI agenda, says Keegan McBride, a lecturer in AI, government, and policy at the Oxford Internet Institute. But Hammond says that while some fringe voices would move to shutter the institute, most Republicans are supportive of the AISI. They see it as an extension of our leadership in AI.Read more: What Trumps Win Means for CryptoCongress is already working on protecting the AISI. In October, a broad coalition of companies, universities, and civil society groupsincluding OpenAI, Lockheed Martin, Carnegie Mellon University, and the nonprofit Encode Justicesigned a letter calling on key figures in Congress to urgently establish a legislative basis for the AISI. Efforts are underway in both the Senate and the House of Representatives, and both reportedly have pretty wide bipartisan support, says Hamza Chaudhry, U.S. policy specialist at the nonprofit Future of Life Institute.America-first AI and the race against ChinaTrumps previous comments suggest that maintaining the U.S.s lead in AI development will be a key focus for his Administration.We have to be at the forefront, he said on the Impaulsive podcast in June. We have to take the lead over China. Trump also framed environmental concerns as potential obstacles, arguing they could "hold us back" in what he views as the race against China.Trump's AI policy could include rolling back regulations to accelerate infrastructure development, says Dean Ball, a research fellow at George Mason University. "There's the data centers that are going to have to be built. The energy to power those data centers is going to be immense. I think even bigger than that: chip production," he says. We're going to need a lot more chips. While Trumps campaign has at times attacked the CHIPS Act, which provides incentives for chip makers manufacturing in the U.S, leading some analysts to believe that he is unlikely to repeal the act.Read more: What Donald Trumps Win Means for the EconomyChip export restrictions are likely to remain a key lever in U.S. AI policy. Building on measures he initiated during his first termwhich were later expanded by BidenTrump may well strengthen controls that curb China's access to advanced semiconductors. "It's fair to say that the Biden Administration has been pretty tough on China, but I'm sure Trump wants to be seen as tougher," McBride says. It is quite likely that Trumps White House will double down on export controls in an effort to close gaps that have allowed China to access chips, says Scott Singer, a visiting scholar in the Technology and International Affairs Program at the Carnegie Endowment for International Peace. The overwhelming majority of people on both sides think that the export controls are important, he says.The rise of open-source AI presents new challenges. China has shown it can leverage U.S. systems, as demonstrated when Chinese researchers reportedly adapted an earlier version of Meta's Llama model for military applications. Thats created a policy divide. "You've got people in the GOP that are really in favor of open-source," Ball says. "And then you have people who are 'China hawks' and really want to forbid open-source at the frontier of AI.""My sense is that because a Trump platform has so much conviction in the importance and value of open-source I'd be surprised to see a movement towards restriction," Singer says.Despite his tough talk, Trump's deal-making impulses could shape his policy towards China. "I think people misunderstand Trump as a China hawk. He doesn't hate China," Hammond says, describing Trump's "transactional" view of international relations. In 2018, Trump lifted restrictions on Chinese technology company ZTE in exchange for a $1.3 billion fine and increased oversight. Singer sees similar possibilities for AI negotiations, particularly if Trump accepts concerns held by many experts about AIs more extreme risks, such as the chance that humanity may lose control over future systems.Trumps coalition is divided over AIDebates over how to govern AI reveal deep divisions within Trump's coalition of supporters. Leading figures, including Vance, favor looser regulations of the technology. Vance has dismissed AI risk as an industry ploy to usher in new regulations that would make it actually harder for new entrants to create the innovation thats going to power the next generation of American growth. Silicon Valley billionaire Peter Thiel, who served on Trumps 2016 transition team, recently cautioned against movements to regulate AI. Speaking at the Cambridge Union in May, he said any government with the authority to govern the technology would have a global totalitarian character. Marc Andreessen, the co-founder of prominent venture capital firm Andreessen Horowitz, gave $2.5 million to a pro-Trump super political action committee, and an additional $844,600 to Trumps campaign and the Republican Party. Yet, a more safety-focused perspective has found other supporters in Trump's orbit. Hammond, who advised on the AI policy committee for Project 2025, a proposed policy agenda led by right-wing think tank the Heritage Foundation, and not officially endorsed by the Trump campaign, says that within the people advising that project, [there was a] very clear focus on artificial general intelligence and catastrophic risks from AI.Musk, who has emerged as a prominent Trump campaign ally through both his donations and his promotion of Trump on his platform X (formerly Twitter), has long been concerned that AI could pose an existential threat to humanity. Recently, Musk said he believes theres a 10% to 20% chance that AI goes bad. In August, Musk posted on X supporting the now-vetoed California AI safety bill that would have put guardrails on AI developers. Hendrycks, whose organization co-sponsored the California bill, and who serves as safety adviser at xAI, Musks AI company, says If Elon is making suggestions on AI stuff, then I expect it to go well. However, theres a lot of basic appointments and groundwork to do, which makes it a little harder to predict, he says.Trump has acknowledged some of the national security risks of AI. In June, he said he feared deepfakes of a U.S. President threatening a nuclear strike could prompt another state to respond, sparking a nuclear war. He also gestured to the idea that an AI system could go rogue and overpower humanity, but took care to distinguish this position from his personal view. However, for Trump, competition with China appears to remain the primary concern.But these priorities arent necessarily at odds and AI safety regulation does not inherently entail ceding ground to China, Hendrycks says. He notes that safeguards against malicious use require minimal investment from developers. You have to hire one person to spend, like, a month or two on engineering, and then you get your jailbreaking safeguards, he says. But with these competing voices shaping Trump's AI agenda, the direction of Trumps AI policy agenda remains uncertain.In terms of which viewpoint President Trump and his team side towards, I think that is an open question, and that's just something we'll have to see, says Chaudhry. Now is a pivotal moment.

Home Vast majority of cyberattacks still traditional and unsophisticated Alethe Denis exclusive interview Interviews Vast majority of cyberattacks still traditional and unsophisticated Alethe Denis exclusive interview24 min read Published: November 8, 2024 For our second interview in this series, we have Alethe Denis Senior Security Consultant on the Red Team at Bishop Fox, member of the DEF CON Groups Board, and a star in the DEF CON Black Badge Hall of Fame.Alethes work with Bishop Fox has helped businesses develop and enhance solutions and strategies to improve their security, and her perspectives have been featured in numerous outlets, including the Wall Street Journal, Der Spiegel, DARKReading, and The Register.Besides being a renowned expert in offensive security, shes also a public speaker and shes passionate about giving back to the community, whether its through training the personnel of the U.S. Army Special Operations Command, or mentoring cybersecurity students and staff at Los Alamos National Laboratory.Now, shes here to share her knowledge with us. We asked Alethe about several topics, covering everything from what makes us vulnerable to phishing to the potential role of AI and deepfakes in future phishing attacks. She was generous with her insights, and were excited to share her expert perspective with you.In this articleQ: Do you think its possible for someone to be entirely impervious to phishing attacks, or is everyone vulnerable to some extent? (Question by Diana)Everyone is vulnerable to social engineering every single human. And thats why its so effective as an attack vector. We are all vulnerable because we are all connected.Just as the only truly secure system is one that is not connected to anything, the only secure human would be one that is not connected to anyone else; one that does not have to interact with anyone else. With our collaborative work environments, this is simply not possible.Layer human psychology and human behavior on top of the necessity to engage and interact with each other, and we are all, unfortunately, very much vulnerable to social engineering.I myself fell victim to it a phishing attempt for my wireless phone account pin number. That experience launched me into this space and motivated me to learn more about social engineering to ensure that I never fell for it again. That led me to want to help educate others, eventually guiding me to a career in offensive security on a red team, where I now employ social engineering tactics on a daily basis.From more than a decade of experience now, I can share that there is always at least one person who is just the right level of distracted, helpful, or simply cognitively unable to discern when theyre being manipulated by another human.Thats an unfortunate truth we, as the protectors and defenders, need to accept. The only thing that can protect a certain percentage of the population are our technical controls.Q: Whats the most sophisticated scam youve encountered? Perhaps it was one of your devising? (Question by Alpa)I most admire these scams that leverage multiple layers of pretexts or technology to create the appearance of a genuine request or persona.We typically only hear about the final act in the media the last phone call or the final exploit of the human at the helpdesk of the company that was compromised. But what I admire is the architecture of the con.I also enjoy the use of new and unique platforms in the fabrication of bogus identities and phishing attempts. For example, we recently started hearing about the use of Google Calendar invitations and Google Doc Comment email notifications as a means of sending phishing links to unsuspecting victims.How truly creative, to leverage a trusted email service to deliver a notification email that was guaranteed to land in the targets inbox, and then direct them to a trusted platform Google calendar or Docs to deliver a malicious link.I dont qualify many of these scams, or social engineering in general, as sophisticated. In fact, social engineering, by definition, is not sophisticated by most information security professionals standards.However, the use of SaaS and third-party software products and services to deliver malicious links and payloads is, by far, the most effective and sophisticated type of campaign currently employed by attackers (and by our own red team during social engineering campaigns). This approach helps us evade detection and bypass a lot of the common monitoring and alerting capabilities of our client organizations.However, its not really in my best interest to disclose how we are accomplishing this, now is it? Q: You love Pulp Fiction, some of us @ Techreport also love Pulp Fiction. What makes it so special to you? (Question by Alpa)Source: SFGATEThe movie Pulp Fiction came out when I was 12 years old, and I managed to sneak into the theater to see it. Probably not the best idea but, at the time, I didnt know any better and I knew that Tarantino was special. I adored the humor because it was very dark and, even though I was young, Id been exposed to a lot of adult problems and challenges, even at that stage in my life.I was operating in a very adult world, even as a preteen. There were some scenes and themes that went over my head, but, for the most part, I empathized with the characters. I appreciated the character development and the storytelling so much. The film made a huge impact on me.I also loved that they incorporated a University of California Santa Cruz T-shirt into the movie. John Travoltas character wears the T-shirt after the famous incident in the car, which requires him to change his clothing. I was living on the UCSC campus when the movie came out. In fact, the theater I snuck into to see the film was in downtown Santa Cruz, and people lost their minds when that T-shirt came on screen.Having our university and that mascot featured in a movie getting that much attention was pretty sensational for both the university and the town of Santa Cruz, where I lived at the time and for the two years following the movies release.A couple of years ago, I had the opportunity to go to the New Beverly theater in Hollywood which is owned by Quentin Tarantino to see a midnight showing of Quentins own 35mm print of the movie Pulp Fiction, with his manual edits to the film.It was a pretty incredible experience to see where he cut and spliced the 35mm film and taped it back together, and to see that raw edit of the physical film was very special. Just knowing that it was from his personal collection was even more insane.The theater is older with the original seats, and it literally smells like 1994 in there. I felt like I was 12 years old again, sneaking into the theater to watch that movie on film. Its an experience I will treasure for the rest of my life.Q: Youre a great supporter of Hope for the Hinterlands of Nepal. What drew you to the cause? (Question by Alpa)I was approached by Vipin Sangwan several years ago. He was asking for support for his efforts to provide the resources to enable girls and young women to remain in school in Nepal.Most of the young girls and young women in Nepal are forced to marry young because they are from families that are severely under-resourced and lacking in material wealth to support them.This charitable organization provides the financial support and material resources to help families keep their girls and young women in school, allowing them to create their own paths, careers, and the lives that they choose for themselves, rather than having their destinies dictated out of financial necessity.Ill admit that, at first, I was pretty skeptical. I get approached rather frequently by people requesting money for support of various funds. But Vipin was able to demonstrate his efforts and show verifiable evidence of where the funds were going, and how his efforts were benefiting these communities and changing lives.Over the years, he has continued to send regular updates to me, including pictures and videos from his journeys across hundreds of miles of rough terrain to bring clothing and supplies to children in schools all over Nepal.Recently, he has manufactured stoves and donated those to families, providing heat and healthier cooking methods that reduce smoke in the peoples homes and helps prevent health problems.But what has moved me the most is Vipins selflessness, his generosity with his time, and dedication to this cause. He has put his entire life on hold in order to physically make these things happen and create this positive change.Thats something not many people would be willing to do, and his sacrifice is something that merits support. Donating money and raising awareness feels like the absolute least I can do.Q: What are you most afraid of when it comes to modern cybersecurity threats? (Question by Amy)Im most weary of our overdependence on tools and our overconfidence in them. Human sneakiness and social engineering are, in my humble opinion, our biggest threats moving forward.As we continue to automate things and depend on machine learning and AI to do the bulk of our simple tasks, and later, our more complex tasks, I see us losing that keen human insight and ability to identify vulnerabilities and threats that are more complex or layered in their approaches.Its similar to how a self-driving car is unable to anticipate the car that you just know is going to change lanes up ahead, even before they put their blinker on or start to move over. There are some things that human experience and skill will always be better at determining, compared to automation or rule-based logic.Q: What are, in your opinion, the most important best-practices for someone to avoid falling prey to online phishing attacks? Whether thats a scam email or a spoofed website. (Question by Alex)Time time is the best protector against an emotional response. I have a rule that, when I read an email, especially early in the morning, I am not allowed to respond for at least 15 minutes. This gives me time to process the request and properly verify that the other person is genuinely authorized to make this request.Secondly, ask questions. Dont be afraid to be an inconvenience. Ask your manager if an email from a third party is a genuine vendor email request you should reply to or engage with. Ask HR if it really is open enrollment. Ask questions to ensure that youre interacting with the email in a way that is safe, and my general rule is to ignore the rest. If its important, they will email again.Be on the lookout for crazy response deadlines and watch out for email senders with domains that dont match. But understand that some domains, and even login pages, can be the absolute genuine ones, just proxied (eavesdropped on) by the attackers. I suggest to only navigate to your login pages via trusted sources, like your saved bookmarks, rather than attempting to login to a service from a link in an email that you werent expecting.The bottom line is: stop, evaluate if you are having an emotional response, and then if you are, question the other aspects of this email to see if it appears genuine.Start asking questions and take the time to validate the request before you interact with it. Or, ignore it. If its important, itll come back to you. If it doesnt and if someone authorized doesnt communicate to expect the email, it was probably not a genuine request.With phone phishing, the best defense is simply not answering the phone. But if you have to answer the phone, the same rules apply. Take time to ask a lot of questions and properly validate a request.No matter how charming the requestor may be, always verify identities and stick to company policies regarding verification and authorization.Q: In your experience, whats the #1 thing that even the most knowledgeable people overlook when under a phishing attack? (Question by Diana)People often assume that they are immune to manipulation and that common social engineering tactics simply wont work on them. This is a terrible assumption to make, as every human is vulnerable to these weaknesses.We are, by definition, human, and the world would be a very cold and callous place to live in if we lacked empathy and trust. It would also be very difficult for us to even leave the house if we were unable to trust anyone in our environment. We couldnt even start our cars if we didnt trust our mechanics and the people who manufacture the parts and fluids in them.Once people are able to separate the human elements from the phishing attack, and remove the parts of the campaign that are meant to provoke emotion, it typically becomes more clear from an analytical perspective that the campaign doesnt seem to add up, or the requestor doesnt appear genuine.AI, deep fakes, and machine learning have influenced scamming and phishing over the past couple yearsQ: Would you say that AI (thinking of deepfake technology here) has had a significant boosting effect on scammers and phishers? Or is the classic method of email phishing and vishing still the go-to and most effective? (Question by Alex)Fake livestreams of Elon Musk are one of the best-known examples of deepfake scams in recent yearsSource: Trend MicroAI, deep fakes, and machine learning have certainly influenced scamming and phishing over the past couple years. Deep fakes used to be expensive to produce or, at the minimum, extremely time consuming. Now thats not really the case.I believe there is still a significant barrier to entry when it comes to skills and resources to create a compelling deep fake, even if youre able to collect enough material to train a compelling deep fake of a specific individual. For this reason, the ROI can be pretty low for your average scammers and low level for profit social engineering campaigns.Its simply not worth the time or the effort, especially when your standard authority or empathy based pretexts are still both effective and lucrative. In my opinion, the vast majority of attacks will still be rather traditional in nature, casting a wide net, and with less sophisticated pretexts and supporting infrastructure.However, for the high value targets, like the global mega corporations and individual spear phishing victims where theres a very high potential reward for attackers, I do anticipate we will see deep fakes more frequently. With such custom targeted attacks on high-value targets, the attackers stand to profit greatly if successful.Q: Are you concerned with the potential of AI for developing malicious code and how its vast coding knowledge may be used as part of more complex cyber attacks? (Question by Amy)Of course Im concerned. I think the majority of us are similarly concerned. I do feel that the use of AI in code development will be a game changer for many of us, in a positive way.However, I do know that some people are using it irresponsibly and sharing proprietary company information with large language models (LLM) that are not properly segmented from the public models.Also, we are aware that malicious attackers can leverage these models to create advanced methods of attacking these systems. Since the LLM was used to develop it, it therefore has intimate knowledge of how it is built.Put plainly, if an LLM was used to develop something, it only makes sense that it would know how it is vulnerable to attack. That is something that concerns me, that attackers can then weaponize this knowledge and use it against these systems.Q: To clarify this once and for all, can you get infected by simply opening an email or are you safe to do so as long as you dont click on any links or open any attachments? (Question by Alex)Simply opening an email is safe in most modern email systems. The real danger comes from clicking on suspicious links, enabling external content, or opening attachments without verifying the source.Practicing caution and keeping software up to date effectively mitigates the risks associated with email-based threats. However, the risk is never zero.In older, outdated environments, email systems, or less mature organizations, more sophisticated threats may pose significant risks to systems and data without requiring human interaction. In such cases, its crucial to have additional layers of technical security in place to prevent compromise.Q: A company can have all the most up-to-date cybersecurity tech. However, often, its us who are the weak link in an organization. We can be taught the signs that suggest something is untoward (the half-hour security awareness training video), but its that human (emotional) aspect that makes us vulnerable. Especially the face-to-face (your favorite) variety. How do you go about addressing that balance between vigilance and constant suspicion? (Question by Alpa)Many employees still fall for phishing emails, despite cybersecurity trainingVery early in my career, I believed that Security Awareness Training was the answer. Soon, I realized that humans still failed the test.Then, I thought, this must be a culture issue. People just didnt seem to care; they knew better, but they werent invested in protecting their employers and their employers data from attackers. This was also not entirely correct.As it turns out, studies have shown that some people are simply not able to discern when theyre being manipulated. They lack the ability to perceive the threat, to see when people are being deceptive. So, you have people at many unique levels of awareness and capability when it comes to identifying potential social engineering tactics employed by attackers in the wild.Its very difficult to issue one-size-fits-all advice for an employee population to achieve the balance between paranoia and fantastic customer experience. Even when that experience is an internal help desk experience.So, how do we standardize these processes to ensure that people at all levels are able to defend against social engineering attacks consistently, and empower them to say no without making them responsible for delivering a bad experience to the requestor in the interaction?The answer is policy and procedure around requestor verification, and empowering our employees to stick to these policies and procedures without fear of taking the blame for declining to authorize individuals who do not pass verification checks.When employees can effectively point to a procedure and a policy behind it, and then say this is a non-negotiable, then it takes the burden of the no away from them. It allows them to do their job and ask the right questions, and it will stop attackers the vast majority of the time.It also takes the burden off the human to decide when they need to be suspicious and when they can be relaxed. All too often, humans make the wrong call in these cases. We are human, and we sometimes trust for the wrong reasons and make poor choices. Thats just human nature, to make mistakes. And thats okay.On the thrill and challenges of red team operationsQ: Whats the most thrilling and high-stakes assignment you had as a social engineer? One that demanded every ounce of skill and ingenuity to keep your cover intact. (Question by Alex)The majority of my red team engagements are conducted remotely. This is true for the remainder of the red team and me; we conduct our assessments remotely, for the most part. And in some cases, they dont even involve social engineering tactics at all. I qualify social engineering as a skill, more so than a job title.That said, on the red team, we do occasionally have the opportunity to include on-site physical infiltration of the client offices for our red team operations.When we are conducting a physical penetration test, the red team trophy objectives may be similar to the ones for the remote red team engagements, i.e. own the client network. However, in these cases, we are permitted to use the method of physical access to the client building as a means of achieving the goal. And you cannot replicate the adrenaline or the anxiety of breaking into a building. You do get slightly more comfortable and more confident in these scenarios after completing several engagements. But the stakes are always high, because the goal is always to remain undetected and to achieve the goal without being contacted by anyone.Due to the unpredictable nature of these situations, its very tough to plan for every potential outcome and this can be both vomit inducing and thrilling as heck, haha.One of my recent engagements had me going up against a former red teamer and someone who was also a former Israeli Defense Force (IDF) operator. I knew exactly who they were, and I decided to use this information, boldly leveraging their authority in my pretext, with plans to assert this authority over an unsuspecting receptionist.Much to my dismay, the usual receptionist was out of the office that day, and covering for them was a security manager. But to add even more difficulty to the situation, the security manager immediately escalated our request for access to the very person we had named in our phony work order, and who we expected to be working from home that day.When they came walking out to greet us, it became a standoff. We each knew the other knew more than they were willing to admit. And, while attempting to read each other, it became clear that we were at a stalemate.I compare this situation to when Beth loses her queen early on in the first episode of the series the Queens Gambit. Mr. Shaibel educates her on how to forfeit out of respect for her opponent as, despite it not being checkmate, she is clearly unable to best her opponent, having lost the advantage this early in the match.At this stage, I decided to resign. We let our opponent on the blue team kick us out and they let us leave with our dignity. I maintained the pretext even as we walked out of the building, calling our red team operator who was monitoring the number we had setup for our fake company on the work order, in case the blue team decided to call the number we left complaining, as any IT Technician would, that we had been denied access to complete our dispatch.Because I showed respect for my opponent and didnt waste their time attempting to strong-arm compliance with our request for access, an exercise I knew to be futile, we were actually able to smoothly transition the engagement to an assumed breach, and still deliver fantastic observations and recommendations to the client.And I gained a fantastic friend and resource in the blue team opponent. They are now someone I am quite proud to say caught me. And I have a lot of new skills to apply going forward to assist us with remaining undetected in future engagements.Q: Do you think blue team and red team roles require distinct skill sets? (Question by Diana)Red Team and Blue Team operators play distinct but complementary roles in cybersecurity, each requiring a unique set of skills.Red Teams focus on offense, using techniques to simulate attacks and identify weaknesses in an organizations defenses. Their skills revolve around penetration testing, social engineering, stealth tactics, and post-exploitation. In short, knowledge of systems, processes and applications, and anything else that helps them exploit vulnerabilities and evade detection.Red Teamers need to think creatively, often automating tasks with scripts and using specialized tools, all while maintaining strict operational security to remain hidden from defenders.On the other hand, Blue Teams are the defenders, focusing on detecting, responding to, and remediating attacks. Their expertise lies in monitoring network traffic, analyzing logs, and incident response.Blue Teamers are skilled in using detection and monitoring tools, identifying patterns and indicators of a compromise, along with forensic techniques to investigate and respond to potential threats. They also focus on proactive security measures like system hardening, vulnerability management, and behavioral analysis to reduce attack surfaces.While each team has its own focus, cross-team collaboration and understanding of each others methods are essential for a well-rounded security posture, often facilitated through Purple Teams. This collaborative approach allows organizations to continuously refine both their offensive and defensive strategies, improving overall resilience against cyber threats.I would also encourage practitioners to switch sides from time to time in their roles, and throughout their careers, to see which areas of focus they are most drawn to. Some folks find new passion playing for the other team, while others can benefit from seeing things from the other side or from new perspectives.For example, you can better detect attackers if you understand how attackers think, while its also true that you have a better chance of remaining undetected if you understand how defenders detect attackers.Q: Through InfraGuard youve worked with the FBI. Whats the juiciest security failure youre allowed to share? (Question by Alpa)Unfortunately, I am not able to share anything related to my relationship with InfraGard or the FBI, or information shared with me.Sometimes, they allow me to present to them the operations I am working on and to do outreach in our local community, where I help to educate local businesses on cybersecurity risk.Recently, I had an opportunity to do that at the 19th Annual Cybersecurity Symposium hosted by InfraGard Sacramento, where I was one of the invited speakers.Q: Some of us still feel the itch to interact even when we recognize a phishing attack. Is it ever safe to engage with the attacker, or should we still avoid it? (Question by Diana)My advice is always not to engage. This is the only way to prevent any potential negative consequences. If you engage, you encourage the attacker to continue to persevere.This persistence is exactly what we want to discourage. And by not engaging, they will likely move on to another target who is responsive.I know that it is tempting to engage and, sometimes, it can be entertaining, especially with text message based phishing attacks. I myself have done so in the past. However, I would recommend leaving these conversations and marking them as spam or reporting them as junk whenever possible.This advice also extends to social media platforms and direct messages on those and other online forums. While it may be entertaining, it can be a gateway to retaliatory behavior from the attacker, and there are much better ways to expend your own energy.Q: How would you rate the following security and data privacy environment, and how could it be improved, with data security and privacy in mind?1. 1Password for all online accounts [] (question continues) (Question by Alex)This is great!2. Double-blind password system for the 1Password master password, with one part memorized and one part stored as a static password on a YubiKey. The full password would have a very high entropy, so its completely random. []Also a great idea, but tough to implement throughout an entire organization.Perhaps only require this level of password requirement for those with the highest levels of privilege, and have more relaxed requirements with U2F implementation for users with lower levels of access.Youd still have highly phishing-resistant password and access control requirements, but not so difficult that you create a nightmare for helpdesk employees, who will be resetting access for everyone who forgets and/or loses their YubiKeys all the time.3. YubiKey security key as the sole 2FA across all websites that accept it. Otherwise, the Yubikey proprietary authenticator as an alternative. []Another great recommendation.4. ProtonMail as the main email provider with several sub-addresses for individual service categories (like banking, social media, work, etc.) []For personal use, I absolutely encourage this. For organizations, it may make collaboration a bit more complicated.Theres a balance to be struck between collaboration and security. The level of risk the organization is prepared to assume often depends on the sensitivity of the data and the people its charged with protecting.5. Never using public Wi-Fi networks []I support this one always and for everyone.6. Typical distrust toward all email links unless its something specifically requested on the spot (like password reset links) []I would clarify that verified internal and expected links are typically okay but, yes there is just never a hard and fast rule7. Remote work, so no unauthorized access to personal devices []Always nice, but Id add also encouraging remote workers to keep devices secure and locked when not in use, and not taking them to insecure locations, but working from remote home offices rather than areas where they can be easily shoulder surfed or compromised outside of their trusted network.8. Linux OS (OpenSUSE Tumbleweed) []Yes, potentially more secure, but again, may offer some challenges when it comes to collaboration and use of certain applications and services.9. Full data backup on a separate drive []Frequent, air gapped, and regularly tested backups are vital for recovery.10. VPN on for most of the time []A trusted VPN for connecting to the work network is always recommended.11. Librewolf browser with Privacy Badger extension []I prefer a chromium browser for collaboration, thanks to its usability with various services and also for ease of use. Developers typically develop applications and services with these browsers supported fully. Using the privacy capabilities of these browsers is absolutely something I would encourage as well.12. Startpage search engineSearch engines, I feel, are simply personal preference. But for avoiding having your data mined and sold, this is a very good and secure option.From me and the entire Techreport team, wed like to thank you for this opportunity, Alethe!We rarely get the chance to sit down with a cybersecurity and social engineering rockstar, so its been a real treat.ReferencesClick to expand and view sourcesAdd Techreport to Your Google News Feed Get the latest updates, trends, and insights delivered straight to your fingertips. Subscribe now! Subscribe now Diana is a seasoned writer with over four years of freelancing experience. Using her keen interest in statistics and data analysis, she specializes in crafting informative and practical content across various interesting topics.She's also passionate about workflow optimization, constantly researching and trying out the newest tools and project management software. Because it's always exciting to find new ways to streamline daily tasks!In her free time, she enjoys studying foreign languages and going for hour-long walks to reach her daily step goal. View all articles by Diana Ploscaru Our editorial processThe Tech Reporteditorial policyis centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written byreal authors.More from Interviews View all View all

Key takeawaysDetroit will launch a PayPal-managed crypto service by mid-2025, enabling its residents to make payments using Bitcoin ($BTC) and Ethereum ($ETH).Diving deeper into Web3, Detroit is calling for blockchain innovators to pitch ideas for decentralized developments thatll improve the city.Only three other US states accept crypto payments, making its ambition of becoming the largest US city for crypto payments plausible.By mid-2025, Detroiters will be able to spend crypto freely through a PayPal-managed platform.Another boon of the upcoming service is that theyll be able to pay their taxes using popular coins like $BTC and $ETH.Ultimately, the city strives tothe largest US city for crypto payments and welcome more innovative Web3 developments.Crypto Payments to Aid Unbanked DetroitersThe Detroit crypto payments initiative is a critical component for the city to enhance its financial services especially for those with limited access to traditional banks.Its an extremely strategic move, considering that 23% of low-income Americans are living without a bank account, and Detroit is one of the poorest major US cities. This new payment platform will increase accessibility for Detroiters who would like to use cryptocurrency; more importantly, the platform upgrade will also make it easier for Detroiters to make electronic payments including those who may be unbanked. Treasurer Nikhil PatelBy exploring blockchain-based technology, it positions itself in a financial landscape where cryptocurrency is becoming increasingly accepted.Per Chainalysis, the US ranks fourth in global crypto adoption, trailing behind India, Nigeria, and Indonesia. Source: ChainalysisDetroit Scours Other Blockchain InnovationsDetroit is doubling down on Web3, inviting blockchain entrepreneurs to pitch their ideas for city-changing decentralized developments.This open call seeks innovative projects that enhance data security and transparency, as well as streamlines public services.Proposals (to be sent to [emailprotected] by Dec. 15) should outline potential costs, stakeholders, risks, and their role in empowering the citys operations and residents.Is Its Plan for Web3 Dominance Plausible?Detroits plan to become the largest US city for crypto payments isnt too far-fetched. Just three US states Ohio, Louisiana, and Colorado accept crypto for tax payments.However, more cities are becoming attuned to the value of blockchain technology, possibly impeding Detroits progress.Miami notably positioned itself as a crypto-friendly hub early on; it rolled out MiamiCoin for city donations in 2022.Others that have also progressed in the crypto arena include Williston (North Dakota), accepting crypto for utility bill payments, and Miami Lakes (Florida), using PayPals crypto service for town contributions.Additionally possibly hindering Detroits lead is the self-proclaimed crypto president, Donald Trump, winning the presidential race.Given the high chance of looser US crypto regulations incoming, traditionally anti-crypto cities might switch their perspectives, making it tricky for Detroit to claim the top spot.ReferencesClick to expand and view sources23% of low-income Americans are living without a bank account (CNBC)Detroit, Michigan Population 2024 (World Population Review)Chainalysis Report: The 2024 Global Adoption Index (Chainalysis) Detroit to become largest city in US to accept cryptocurrency payments for taxes, other fees (Detroit.gov)2024 Cryptocurrency Adoption and Sentiment Report (Security.org)What is Miami Coin? (CoinMarketCap)Add Techreport to Your Google News Feed Get the latest updates, trends, and insights delivered straight to your fingertips. Subscribe now! Subscribe now Leah is a seasoned British journalist with nine years of expertise who specializes in Web3 reporting. Her insightful contributions have graced the pages of respected publications, including Coinbound, Cointelegraph, Bitcolumnist, NFT Lately, and NFT Plazas. With a keen eye for detail, she offers distinct perspectives on the ever-evolving blockchain industry. View all articles by Leah Waters (Alger) Our editorial processThe Tech Reporteditorial policyis centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written byreal authors.

MicrosoftMicrosoft is bringing AI capabilities to its simplistic Notepad app, which is known for its plain text functions, such as saving in .txt files.The new feature, called Rewrite will allow you to generate alternative text to fit your specific needs. Youll be able to modify the text to be longer, shorter, or to be written in a certain tone or format. The feature will generate three variations for you to select, and you will also have the option to retry if none of the results meet your standards.MicrosoftThe feature works by highlighting your desired text and right-clicking with your mouse or selecting Ctrl + I with your keyboard. This will bring up a text box displaying the alternative text options generated by AI, Microsoft said on its Windows Insider blog.Recommended VideosMicrosoft is clearly not the only brand using AI to help users upgrade their writing. The Rewrite feature is similar to the Summarize and Refine features within Google Workspace, and the Help Me Write feature within ChromeOS. Rewrite will be available as a software update for Notepad version 11.2410.15.0 coming to Windows Insider users under the Canary and Dev Channels. Microsoft has detailed that you need a Microsoft account to use the Rewrite in Notepad preview.The feature is available on Windows 11 in the U.S., France, U.K., Canada, Italy, and Germany. Additionally, users in Australia, New Zealand, Malaysia, Singapore, Taiwan, and Thailand using subscribed to Microsoft 365 Personal and Family and Copilot Pro can use AI credits to use rewrite in Notepad.Since Rewrite is being released as a preview, there is no word on whether the feature will be available as a full version rollout.In addition to Rewrite, Microsoft also detailed updates to Paint, including Generative fill and Generative erase.Editors Recommendations

Fitness tracking has become a staple of the modern age of consumer tech. Everything from our phones and tablets to even our smart TVs is packed with health-monitoring features, though one hardware category tends to dominate more than others: wearables. From smartwatches to fitness rings, theres plenty to love about these gadgets. So, we thought wed direct your attention to this great Fitbit offer we found while looking through Amazon deals:ContentsBoth the Fitbit Charge 6 and Fitbit Versa 4 are on sale today, but only for a limited time. Save up to 40% when you order through Amazon.$160 40% offJoe Maring / Digital TrendsThe Fitbit Charge 6 may be smaller than other smartwatches on the market, but its packed with excellent features and a slew of new Google apps for keeping up with your health and wellness. Compatible with numerous exercise machines and loaded with 40 different exercise modes, the Charge 6 also has enough battery life to last an entire week.RelatedWe tested the Charge 6 over a year ago, and reviewer Joe Maring had this to say: The Fitbit Charge 6 offers excellent health tracking and helpful Google apps in a sleek design and at an incredible price. Other noteworthy features include a 1.4-inch AMOLED display that delivers up to 450 nits at peak brightness, a lightweight fit, and three color options, including Black (with a Black band), Gold (with a Red Band), and Silver (with a White Band).$200 40% offFitbitThe Fitbit Versa 4 has been a fan favorite across the board, and were here to join the fanfare! This impressive Android-powered smartwatch is a cosmetic delight and feels good to wear for hours on end. An improved touchscreen (compared to the Versa 3) is far better at handling taps and swipes, and the latest generation even lets you use Alexa voice commands to control the wearable.While we wish there were third-party apps to enjoy, the Versa 4 is a terrific midrange smartwatch with excellent battery life and an intuitive interface.Were not sure when these two smartwatches will be marked down again, so now might be the best time to save on both models. Take $60 off the Fitbit Charge 6 and $80 off the Fitbit Versa 4 when you order on Amazon. You may also want to check out our list of the best Fitbit deals, along with our list of the best smartwatch deals, for even more awesome discounts!Editors Recommendations

The billionaire owner of SpaceX was on the call briefly and his involvement wasnt planned, according to those familiar with the conversation.

The Transportation Security Administrations latest push would apply to more companies than temporary directives issued after the 2021 hack on Colonial Pipeline

The artists 1931 painting depicts an old-fashioned American living room in a modern, Cubist-influenced style, forging a new aesthetic of the 20th century.