Unsupervised Learning NO. 390

Unsupervised Learning is a Security, AI, and Meaning-focused podcast
that looks at how best to thrive as humans in a post-AI world. It combines
original ideas, analysis, and mental models to bring not just the news, but
why it matters and how to respond.

Hey everyone,

Hopefully your week is starting off better than Siri handles AC
requests.

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ
@DanielMiessler

Siri quality after nearly a decade.

 

11:21 PM • Jul 16, 2023

  

134 Likes  
8 Retweets  

9 Replies

I honestly don’t know how the Apple Maps guy got fired but Siri still
sucks this bad after all these years.

Anyway, we put out a new piece of member content
this weekend, I’m working on slides for talks, and progress continues on
the product we’re building. I also up-leveled my hummingbird feeder game
to four of these.

I hope you’re doing well,

Let’s get into the week!

In this episode:

VoiceFake Scams on the Rise
FrontView Mirror, 2024 Edition:
Trends and Preparations
AI and Content Creation: A Discussion on The
Phillip Wylie Show
Chinese Email Hack: A Sophisticated Espionage
Effort
Transatlantic Data Flow: A New EU-US Data Privacy
Framework
Docker Security Flaws: Sensitive Data in Docker Images

HCA Healthcare Breach: Impacting 11 Million Patients
Orca Suing Wiz:
A Case of Patent Infringement
AI-Enabled Cybercrime: The Rise of
WormGPT
Twitter Struggles: Ad Revenue Plummets by Nearly 50%

TikTok Music Launches: A New Competitor for Apple Music and Spotify

MY WORK

FrontView Mirror, 2024 Edition (Member Content)
My annual look at trends I’m seeing and what we can do to get ready
for them. Topics: Individual Independence, Process Primacy, and Trust
Triangulation
MORE

Talking AI and Content Creation on The Phillip Wylie Show
I went on my buddy Phillip Wylie’s podcast a few weeks ago and had a
great conversation with him about career trajectories and chasing your
desires.
MORE

SECURITY NEWS

AI Voice Scams Being Deployed
— I know at least 3 normal (non-infosec) people who have been targeted by
scams using AI fakes of family member voices
in the last two weeks. The latest was a mother receiving one of the
daughter, probably faked using her voicemail. You and I are not likely to
fall for this, but be sure to tell your family and friends about the trend so they don’t fall victim.

Office Zero Day
Microsoft has disclosed an unpatched zero-day security bug in Windows
and Office products, exploited to gain remote code execution via malicious
Office documents. The vulnerability, known as CVE-2023-36884, was used in
high-complexity attacks targeting the NATO Summit in Vilnius, Lithuania.
MORE

 Chinese Email Hack 
Chinese hackers, suspected to be part of an intelligence
operation, have breached US government email accounts, as disclosed by
Microsoft. The attack was not a broad-brush intrusion but a targeted one,
focusing on specific accounts and went undetected for a month, suggesting a
sophisticated espionage effort.

– The hackers used forged authentication tokens to gain access.

– Approximately 25 organizations, including government agencies, were
compromised in the attack.

– The breach could potentially exacerbate already strained US-China
relations.

– The US government has been transitioning data to the cloud for better
access and improved security.

– The breach has prompted a review of government security requirements and
protocols.
MORE

Transatlantic Data Flow
The European Union and the United States have finally struck a deal
that allows companies to freely transfer data across the Atlantic,
potentially putting an end to a three-year period of legal limbo that has
affected tech behemoths like Facebook and Google. This new agreement, dubbed
the EU-US Data Privacy Framework, comes in the wake of the EU’s top court
striking down the previous data agreement, known as Privacy Shield, due to
concerns that US intelligence agencies had too much freedom to access
Europeans’ personal data.
MORE

Sponsor

Secure Your Cloud Future!

AWS Security Foundations are no longer a nice-to-have. As data, apps, and
services ascend to the cloud, you need to know more than just how to get
to the cloud, but how to do it securely.

 Take off with our FREE eBook, your ultimate guide to AWS security. Discover the key principles to
fortify your AWS environment, all in a digestible, jargon-free format.

 Illuminate your cloud journey. Secure your business. Protect your customers. All this knowledge, just a click away.

Grab your FREE AWS Security Foundations eBook
now! Let’s conquer the cloud, together.

wiz.io/lp/aws-security-foundations-for-dummies

Download the eBook

   

Docker Security Flaws
Researchers at RWTH Aachen University in Germany have discovered that
approximately 8.5% of Docker images hosted on Docker Hub contain sensitive
data such as private keys and API secrets.
MORE 

HCA Healthcare Breach
HCA Healthcare, one of the largest healthcare services providers in
the US, announced a significant data breach impacting approximately 11
million patients. The breach was discovered on July 5, when a threat actor
posted a list of stolen personal information on an underground forum,
including names, addresses, birth dates, and appointment dates.
MORE

AI-Enabled Cybercrime
A new tool, WormGPT, is being advertised on underground forums,
enabling even novice cybercriminals to launch phishing and BEC attacks
swiftly and at scale.
MORE

Orca Suing Wiz
Orca is suing Wiz for patent infringement. As a non-expert with
exposure to both tools, this seems like the desperate measure by someone
getting trounced in the marketplace. All I heard from others when I used
Orca was how much better Wiz was. Note: Wiz has also sponsored the show
before, and I think Orca has as well.
MORE

TECHNOLOGY NEWS

Twitter Struggling
Despite aggressive cost-cutting measures, including laying off half
of the company’s 7,500 staff, Musk says Twitter’s ad revenue has plummeted
by nearly 50%. Too early to say, but I might end up being wrong about him
turning this around. It’s looking pretty bleak, and I don’t see any signs of
him getting better at listening. Meanwhile, Threads.
MORE

Chinese AI Rivalry
China’s search engine pioneer, Sogou founder Wang Xiaochuan, has
launched an open-source large language model, Baichuan-13B, through his
startup Baichuan Intelligence. This model, touted as one of China’s most
promising, is based on the Transformer architecture and trained on Chinese
and English data.
MORE 

Musk’s AI Startup xAI
Elon Musk has unveiled his latest venture—an artificial intelligence
startup named xAI, staffed with engineers from renowned companies like
OpenAI and Google. Musk, known for his cautious stance on AI, has previously
advocated for a pause in AI development and the establishment of regulatory
measures to ensure its safe progression.

– xAI’s goal is to “understand the true nature of the universe.”

– Musk was one of the original backers of OpenAI.

– He has criticized ChatGPT for having a liberal bias.

– Musk signed an open letter calling for a pause to “Giant AI Experiments”.
MORE

TikTok Music Launches
TikTok is stepping in to compete with Apple Music and Spotify with
its new platform, TikTok Music. Initially available only in Brazil and
Indonesia, the service offers unique features like song recommendations
based on viral TikTok videos.
MORE

HUMAN NEWS

Long COVID Gene
Researchers have identified a gene linked to long COVID in a
genome-wide study. The gene, FOXP4, is active in the lungs and some immune
cells, and was found in an analysis of 6,450 patients across 16 countries. I
wonder if 23andMe tracks this one.
MORE 

Migration Backlash
Waves of migrants taking dangerous, unauthorized passages to Europe
and the U.S. are sparking a new rush of anti-immigrant policies and
deepening political divisions in several wealthy countries. The UN reports
that last year, a record-breaking 2.9 million new asylum applications were
submitted, the highest number since at least 2000.
– 40% of the new applications were from Latin America and the Caribbean
– There’s been a surge in Europe, driven by migrants from Syria, northern
Africa, Iraq, Turkey
– In the U.S., almost every 2024 Republican presidential candidate has
embraced a tough stance on border security
– In Europe, far-right politicians are demanding tighter immigration
policies
– The Netherlands’ government collapsed over disagreements on refugee
restrictions
MORE 

Banking Boom
Major US banks, including JPMorgan, Wells Fargo, and Citigroup, have
reported quarterly profits that have exceeded expectations, suggesting a
robust US economy despite interest rate hikes. The Wall Street Journal
reports that these banks have seen a combined growth of 31% in income from
interest on loans compared to the previous year.
MORE

IDEAS & ANALYSIS

Atomic vs. Molecular Ideas: On-ramps and Off-ramps
A buddy and I
were talking last week about a really cool idea I am pretty sure I’ve
written about before. Basically, there are individual ideas, like ‘we should
protect the freedom of speech’, and then there are ideologies, like
socialism and facism. The conversation we had was around slippery people
using benign ideas to onramp into a gross ideology. Example: SolarPunk being
a benign idea around breaking off from greater society and technology, and
returning to the foundational pleasures of working land, being close to
nature, raising your own food, etc. That’s used as an onramp to a TRAD
ideology in which women and minorities end up subservient to men, who often
somehow end up being white. So the ideas are the atoms, and the molecules
are the ideologies. And you can’t really have impactful atoms. It’s their
combination that becomes something consequential. In the case of negative
ideologies the discussion was about how to defend people against specious
arguments that start with attractive atomic ideas, like SolarPunk, and to
teach them how to watch for the onramps to harmful TRAD ideologies. Then, if
someone has already been captured by such a system, what are the off-ramps?
How can we break that molecule up into its individual atoms and show how
it’s possible to keep the good components while discarding the bad?

NOTES

So happy for my friend Tae’lur for landing her first job in InfoSec! Welcome
to the field!

Tae’lur Alexis
@TaelurAlexis

I’m happy to announce I got the job! I’ll be starting as a CVE Analyst
@semgrep working on their Semgrep Supply Chain product,
researching vulnerabilities for their open source dependency scanner.

It’s been an adventure learning cybersecurity as a software dev. I’m
excited!

 

1:46 PM • Jul 17, 2023

  

130 Likes  
4 Retweets  

29 Replies

Congrats to my buddy
Jason Haddix
for completing his first full paid hacking courses! He did it over two
weekends with hundreds of attendees and the reviews are INSANE as expected.
Can’t wait to see more courses from you friend!
MORE

We’re putting together a UL meetup in Vegas. If you’re going to be around
between Monday and Sunday, stay tuned for details in UL Chat.

I cannot recommend
this book on Stoicism
enough. I recommend you read all the various canonical books if you get into
Stoicism, but this one remains my favorite.
MORE

DISCOVERY

CodeBox
— Code Interpreter, but available via API. I’ve been waiting for this.
MORE
|
CODE

LazyVim
— A fully NeoVim setup that gives you the Vim experience with the power of a
full IDE. I personally don’t use one of these environments because I’d
rather do things myself, but it does give you an instant feeling for
NeoVim’s potential when configured.
MORE

GPT Prompt Engineer — Simply input a description of your task and some test cases, and the
system will generate, test, and rank a multitude of prompts to find the ones
that perform the best.
MORE

FindMyTakeover
— Detects dangling DNS record in a multi cloud environment by scanning all
the DNS zones and the infrastructure present within the configured cloud
service provider and finding the DNS record for which the infrastructure
behind it does not exist anymore rather than using a wordlist.
MORE

Top 25 Recon Tools
— A top 25 list of Recon Tools and their purposes.
MORE

Web App Hacking With Caido
— A full video conversation on hacking web apps using my favorite Rust-based
Burp alternative.
MORE

JSLuice
— A Bishop Fox tool written by
@tomnomnom
for extracting URLs, paths, secrets, and other juicy nuggets from
JavaScript.
MORE

Life OS Dashboard
— A super-interesting-looking Notion dashboard for life tracker types. MORE
|
VIDEO

AWS Docs GPT
— Search AWS Docs using an LLM.
MORE

How to securely build product features using AI APIs
MORE

Why does virtually every action hero’s name start with J?
MORE

Hacking LangChain for fun and profit
MORE

How to Do Great Work (Paul Graham)
MORE

News is Propaganda
MORE

Nobody cares about your blog, but that’s ok
MORE

RECOMMENDATION OF THE WEEK

Go play with
OpenAI’s Code Interpreter. What is it? It’s basically an AI agent combined with tons of analysis
tools, and when you upload files or code to it you can ask it to find
patterns, make graphs, and do all kinds of crazy stuff.

Examples:

• Do your taxes

• Find patterns in lots of data

• Clean up your data

• Modify data in a certain way

• Create visualizations for complex data

• Tell a story about data

• Produce video and GIFs from images

• Convert files from one format to another

• Analyze and debug code

It’s best to think about it as an independent AI system with access to tons
of tools. Like ChatGPT, except with octopus hands and the ability to code.
When I talk about getting ready for the future, and I talk about being able
to use AI tools fluently, this is the type of thing I’m talking about. And
even better if you a use it through an API.
MORE 

Pro Tip:
If the file you want to work with is too large, you can zip it up and
send that instead! Including a whole directory! Code Interpreter will
unzip it and consume it!

APHORISM OF THE WEEK

❝  

The highest form of ignorance is when you reject something you don’t know
anything about.

  Wayne Dyer    

Share Unsupervised Learning

Or copy and paste this link to others:
{{rp_refer_url_no_params}}

How are you liking the UL newsletter?

The newsletter overall and/or this episode…

• Wow
• Strong
• Meh

Thank you for reading! See you next week!