
UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets…


SECURITY | AI | MEANING
:: Unsupervised Learning is my continuous stream of original ideas,
story analysis, tooling, and mental models designed to
help humans lead successful and meaningful lives in a world full of AI.


NOTES

Hi!

OSINT is one of my favorite hobbies, and the Pizza Index is one of my
best examples of what you can do with it.
Basically it’s how much pizza the Pentagon is ordering—with the
implication being that they’re working late because something’s going
down.

And with the stuff happening between Iran and Israel (and elsewhere), it
looks like they’re quite busy. Lots of pizza and empty bars.

RealBenGeller (@RealBenGeller)

🚨Pizza meter is off the charts and the “bars” in DC are empty near the
Pentagon. Brace yourselves.


2:07 AM • Aug 3, 2024

  

24.2K Likes  
2.86K Retweets  

472 Replies

This is why I can’t wait to fully build out my agent framework, and for
agent functionality to become integrated with models / platforms (my
personal prediction for 2025).

This will allow OSINT experts to take all their various sources and
techniques and turn them into continuous data pipelines that they publish
via API.

I’ll be publishing many of these myself. Think Pizza Index, but for
thousands of different signals around different activities. So, military
movements, money transfers, discussion in various forums, etc.
And because they’ll be AI Augmented, they won’t just be raw data streams,
but actual analysis.

It appears X may be about to initiate an attack against Y. We make this
assessment based on the following:

– The following troop and vehicle movements

– The following comments made by experts with an exemplary prediction record

– These moves in the following 3 prediction markets

Based on all three of these, we estimate a 93% chance of this attack taking
place within 72 hours.

  The type of reports that will be everywhere soon

Anyway, super excited about this.

  • Already in Vegas and we’re missing my cooled bed surface. And AC. And
    Neorest. But so worth it to see everyone.

  • Really looking forward to our UL Member meetup later this week. Going to
    get to see a few long-time members in person for the first time!

  • Don’t forget your primary, secondary, and tertiary burner phones.

🚨The State of Things
Ok, given the state of the world right now—and the current stock market
crash—I felt inspired to write a long stream-of-consciousness view of
what’s happening in the world and how I plan on responding. It’s heavy and
political and deep and personal, so only read it if you are interested in
thinking and feeling things.
READ IT

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)

I don’t know two shits about the Yen or the likelihood of a US
recession, but what I can tell you is how I see things right now—as
someone in the US—and how I am personally going to respond.

First and most obviously—things are a bit crazy. Here’s a short list.

– Riots in the UK… x.com/i/web/status/1…

 

3:56 PM • Aug 5, 2024

  

0 Likes  
0 Retweets  

0 Replies

MY WORK

A slightly upgraded version of last week’s main piece on why AI will disrupt
business and society.


We’ve Been Thinking About AI All Wrong

AI is just a way to execute Intelligence Tasks that only humans can do.

danielmiessler.com/p/weve-been-thinking-about-ai-all-wrong


I spoke with Christine Gadsby, Head of Product Security Operations Team at
BlackBerry, and we talked about the role of AI in cybersecurity, including:

  • AI’s real advancements, practical applications, and associated
    challenges, moving beyond the hype.

  • Enhancing Incident Response and Threat Hunting

  • Christine highlights AI’s significant impact on enhancing incident
    response and threat hunting, how AI quickly analyzes vast data to
    identify Indicators of Compromise (IoCs), automates routine tasks, and
    improves decision-making with actionable insights.

  • And lots more…

Go check it out.
WATCH THE INTERVIEW



YouTube video by Unsupervised Learning


A Conversation with Christine Gadsby from BlackBerry

SECURITY

Two critical ServiceNow vulnerabilities reported by AssetNote 💪 are being
actively exploited. These flaws allow attackers to access databases,
exfiltrate data, and read arbitrary files, and they’re currently affecting
between 13k and 42k instances.
MORE

A company has reportedly paid a new record-high $75 million to a
ransomware group. It’s a lot of money compared to anything other than not
being able to do business.
MORE

DigiCert is revoking 83,000 TLS certificates due to a domain validation bug
that could lead to clashes between records and subdomains.
MORE

   

Sponsor

Dropzone AI

Hey, Daniel here.

I’ve seen a thousand different AI + Security startups at this point. Most
are very early and/or theoretical. Some are pretty decent, and a few are
impressive.

But the absolute best I’ve seen so far – by far – is Dropzone.ai. They’re the only company I’ve seen that’s really mastered the agent
aspect of doing investigations.

It takes alerts from various tools and just starts working on them—just like a human would. Needs more data, goes and researches that.
Needs to find some context? It goes and gets that.

So by the end you have a fully documented set of steps that were taken
to research an alert, and a conclusion on whether or not it was
malicious—all with full documentation.

I’m so impressed with it that I’m now an advisor as well.

Want to learn more and see Dropzone.ai in action? Come meet the Dropzone.ai team in person at Security Wasteland during Black Hat.

 wwv.vulncheck.com/security-wasteland-black-hat-2024


Register Here

   

China is getting around U.S. bans on advanced AI chips through smuggling,
front companies, and loopholes, ultimately allowing restricted Nvidia GPUs
to flow into the country despite export controls.
MORE 

Ransomware attacks are rising with an 18% year-on-year increase reported by
Zscaler ThreatLabz, including a record $75 million ransom paid this year.
The U.S. faces nearly half of all attacks, with the U.K. being the second
most targeted country.
MORE

   

💡I’ve always considered ransomware attacks to be something we’d have to
invent as a government service if it didn’t exist in the marketplace. Like
as a way to test and punish bad security.

But my intuition was that after a number of years it would get harder and
harder because security would increase. So if they’re still increasing, I
wonder what the reason is. Are attackers moving to more vulnerable targets
after others locked themselves down, or are they just getting better at
finding holes, something else, or all of the above.

Probably all of the above.

If someone has more insight on that—or a write-up on this—I’d appreciate
it.

   

A great analysis here of securing secrets in AWS outlines how to improve
credentials access incrementally. The post covers using Secrets Manager and
KMS to eliminate plaintext secrets from production and enhance credential
management in CI/CD pipelines.
MORE

A solid blog post discusses creating custom implants for evasion by building
them in C, detailing server setup, client functionality, and testing against
security tools.
MORE

The average cost of a data breach jumped 10% to $4.88 million in 2023
according to the Cost of a Data Breach Report 2024.
MORE

China is tightening its civilian drone export rules starting September 1 to
prevent their use in military or terrorist activities. The new controls will
target drones with IR imaging, laser guidance, and high-precision inertial
measurement devices, while lifting restrictions on long-range civilian
drones.
MORE

AI / TECH

OpenAI has started rollout of its new ChatGPT Voice feature for ChatGPT Plus
users, enabling real-time conversations with emotion detection. Initially
available to a small group, it will expand to all Plus users by fall 2024.
MORE

   

💡I am part of this initial rollout and I can tell you that the
conversations with the product are far more natural now.

I talk to AI a lot using the Cove voice on ChatGPT (Cove sounds an awful
lot like TARS from Interstellar btw), which I have mapped to double-tap
and my Action Button on my phone for quick access.

Now it’s just a bit more natural sounding, although I’m getting a lot of
weird artifacts in the voice which could be due to load or bandwidth
issues. Not sure.

   

Black Hat USA 2024 Preview: AI, AI, and More AI — Decipher editors Dennis
Fisher and Lindsey O’Donnell-Welch, along with Brian Donohue, discuss the
upcoming Black Hat talks they’re excited about. Highlights include sessions
with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, as well as some
intriguing talks with cryptic titles.
MORE

California’s SB-1047, the “Safe and Secure Innovation for Frontier
Artificial Intelligence Models Act,” aims to regulate large AI models by
mandating safety measures to prevent catastrophic incidents. Critics argue
that the bill’s focus on existential threats could stifle current AI
research and development.
MORE

The EU’s risk-based AI regulation began on August 1 with staggered
compliance deadlines categorizing AI applications into low/no-risk,
high-risk, and limited risk tiers. It imposes transparency, risk management,
and penalties for violations, with standards for high-risk and powerful
general-purpose AI models to be finalized by April 2025.
MORE

OpenAI has launched the GPT-4o Long Output model (in limited availability),
which extends its output capacity to 64,000 tokens—16 times more than the
original GPT-4o. I think the best use cases for this will be things like
writing long-form content.
MORE

Google’s experimental Gemini 1.5 Pro has claimed the top spot on the AI
Chatbot Arena leaderboard, surpassing OpenAI’s GPT-4 and Anthropic’s Claude
3.5 with a score of 1300. I’ve personally not used it yet because I find
using Google products to be excruciatingly painful—especially their AI
products.
MORE

Meta says it will need 10x more computing power to train Llama 4 compared to
Llama 3. So impressed with how Mark has gone from Metaverse Failing to AI
Winning in like a year. I credit Jujitsu.
MORE

Elliott Management is calling Nvidia a ‘bubble’ and says AI is ‘overhyped’.
They argue that the market is overly optimistic about AI’s potential and
Nvidia’s role in it. I think it’s a bubble, but it’s a bubble like the
internet in 1995. In other words, there will be a bursting of AI hype,
but that’s completely unrelated to the hockeystick AI is about to
produce. These are unrelated things.
MORE | MY ANALYSIS

Bellingcat has put together a guide on identifying explosive ordnance (EO)
in social media imagery. It covers how to verify the authenticity of images,
use reverse image searches, and identify EO based on text, colors, shapes,
and contextual clues.
MORE

CrowdStrike is facing a massive lawsuit after Blue Friday crashed over 8
million computers globally. The lawsuit claims the company made “false and
misleading” statements about its software testing, leading to a 32% drop in
share price and a $25 billion loss in market value.
MORE

Intel is laying off over 15% of its workforce as part of a $10 billion cost
reduction plan after missing quarterly earnings expectations. The company
reported a $1.61 billion net loss for Q2 2024 and will not pay its dividend
in the fiscal fourth quarter.
MORE

Apple just posted a record-breaking Q3 2024 with $85.78 billion in revenue,
surpassing analyst expectations of $84.46 billion. Not sure why Berkshire
Hathaway just sold so much of it. People are saying he’s anticipating a
massive sell-off and he wants to be in cash.
MORE

Apple is ramping up spending to get Apple Intelligence ready for launch this
fall. I’m using the beta that has it, and it’s already pretty impressive
even without most of the stuff turned on.
MORE



HUMANS

A lot of the world tried to push Huawei out of their infrastructure, but
they’re actually getting more powerful, not less.
MORE

A software company increased user engagement by 8x by drastically shortening
their emails. Netlify’s initial 150-word emails had a 1% reply rate, but
cutting the text to 37 words boosted replies to 4%, and further reducing it
to 14 words doubled that rate to 8%. Insane. Maybe the takeaway is people
don’t have much time, and you should respect it.
MORE

Last month, Shane Mac offered everyone at his company $25,000 to quit, and
six people took it. He did this because he realized he had oversold the
culture and needed to reset expectations to align with their ambitious
mission of building a decentralized and secure messaging protocol. The move
was part of a broader effort to rewrite their values, raise the hiring bar,
and ensure only those deeply committed to the mission stayed on board.
MORE

   

💡This is what I’ve been on about with the Alaskan Fishing Boat analogy.
Companies only want fully-dedicated murderers now. Entitled people,
people who are C and B players—all of those are going to get
increasingly phased out.

And AI will cut even more people who’ve been hiding in middle management
and other parts of the org where they get paid tons of money to not add
much value.

All the consultancies are going to use AI to come in and evaluate
business operations and find all those people, and recommend to the C-team
that they be fired and replaced with 1/10th their number of A-players, and
AI.

   

Journalist Evan Gershkovich was among a group of Americans and Russian
dissidents released from Russia in a seven-nation prisoner swap, the largest
since the Cold War. The US and Europe released eight Russian prisoners,
including hitman Vadim Krasikov.
MORE

Researchers at the University of California, Santa Barbara have developed an
AI model called SharkEye to help prevent shark attacks. The model uses
drones to detect sharks with greater accuracy than humans, even spotting
those below the water’s surface.
MORE

Treating failing eyesight and high cholesterol are two new ways to lower the
risk of developing dementia, according to a major report. The Lancet
Commission’s latest findings suggest that addressing 14 health issues could
theoretically prevent nearly half of all dementia cases worldwide.
MORE

Self-control is about 60% heritable, meaning genes explain roughly 60% of
the differences in self-control among individuals. A meta-analysis of 31
studies involving over 30,000 twins showed that identical twins are more
similar in self-control than non-identical twins, highlighting the genetic
influence.
MORE

   

💡Holy crap this could be devastating if it’s supported in further studies.
I worry about the narrative that both IQ and self-discipline are mostly
genetic, thus giving people an easy ramp to write off individuals or
groups if they have lower averages.

Luckily, even if true, 1) groups don’t define individuals, and 2) there’s
likely a LOT of slack in the environmental part that we’re not—as a
society—tapping into yet.

   

A new study reveals that people tend to alter their appearance to match
their names. Researchers found that adults’ faces often align with social
stereotypes associated with their names, while children’s faces do not show
this pattern. I guess be even more careful what you name your kids?
MORE

A key protein called Reelin may help stave off Alzheimer’s disease. A number
of new studies suggest that Reelin helps maintain thinking and memory in
aging brains, and when its levels fall, neurons become more vulnerable.
People are starting to work on drugs for this, obviously.
MORE

Wizards of the Coast will release the 2024 Dungeons & Dragons rulebooks
under a Creative Commons license, fulfilling a promise made after backlash
over attempts to change the Open Gaming License.
MORE

“If Novelists Wrote Your Bug Reports” imagines how famous authors would
describe software bugs in their unique styles. Ernest Cline likens a screen
flicker to scenes from “Back to the Future” and “Ghostbusters,” while Ursula
K. Le Guin philosophizes about the existential pain of coding errors.
MORE

IDEAS

More analysis on how bad the results were of the recent UBI study done by
Sam Altman. It appears to be pretty bad, just like we talked about last
week.

Athan Koutsiouroumbas (@Athan_K)

A lot happened in July.

But, one event went quietly unnoticed.

The result of largest American controlled experiment in Universal Basic
Income (UBI) was released.

You haven’t heard about it because the findings are terrifyingly bad. (1/12)


5:23 PM • Aug 2, 2024

  

49.4K Likes  
14.2K Retweets  

1.56K Replies

A really cool idea from Jonathan Haidt about free-range kids, and a cool
idea for giving them more freedom.

Jonathan Haidt (@JonHaidt)

Here’s a great collective action solution that you might be able to do
in your neighborhood: Create a “play street”, once a month: close off a
street for 2 hours, for kids to play, for neighbors to meet. It has
transformative effects!

theatlantic.com/family/archive…


11:54 AM • Aug 3, 2024

  

546 Likes  
102 Retweets  

26 Replies

DISCOVERY

🌱Farmbot is an open-source farming machine for growing food in your own
backyard.
MORE

Supermemory — An AI-powered platform to organize, search, and utilize saved
information, acting as a digital second brain. Key features include
importing bookmarks from Twitter, saving content from any source, and
retrieving info with instant answers. It’s open source. | by Supermemory AI
MORE

Friend — Avi Schiffmann’s new AI pendant, Friend, is designed to combat
loneliness by sending you reassuring or playful texts based on what it
overhears. The always-listening device, which doesn’t store recordings, has
been compared to an adult Tamagotchi and is available for preorder at $99.
| by Avi Schiffmann
MORE

Fabric – Daniel Kossmann walks you through installing Fabric, an open-source
AI framework by Daniel Miessler, on Ubuntu Linux. | by Daniel Kossmann
MORE

Fleet – An open-source version of FleetDM’s tool built on Osquery for
vulnerability monitoring, MDM, detection engineering, and more applications.
| by Fleet
MORE

SOC2 Policy Templates – A collection of templates for SOC2 policies and
procedures that can be outputted as an HTML dashboard or PDF.
MORE

Clutch Security – A platform providing visibility into all non-human
identities within an organization, helping security teams identify
associated risks. | by Clutch Security
MORE

RECOMMENDATION OF THE WEEK

If you’re at Black Hat this week, remember that 10 and 20 years from now you
won’t remember the talks you saw this year. But you will remember spending
that time with your friends.

Prioritize friend-time over presentation-time.

Not only is the friend time more precious and valuable, but
you can get the talks later if you really want to.

APHORISM OF THE WEEK

❝  

Friends show their love in times of trouble, not in happiness.

  Euripides

Become a Member to need one less burner phone at DEFCON

May 23, 2025
