Unsupervised Learning NO. 392

Unsupervised Learning is a Security, AI, and Meaning-focused podcast
that looks at how best to thrive as humans in a post-AI world. It combines
original ideas, analysis, and mental models to bring not just the news, but
why it matters and how to respond.

Hey there, Happy Monday!

I’m spending most of my time improving my autonomous agents, coding on
our product, and prepping for Vegas. Saw this great Tweet from Jake
Williams about picking the right tool for the job, and thought it was
worth sharing.

Have a great week!

In this episode:

💡 Burnout and Addiction: A New Perspective
🚦 UL RSS Live: Stay Updated
🔍 Security News: Testing Handbook, IDOR Vulnerability, Lazarus Hacks
📈 Technology News: Startup Decline, iPhone Dominance, AI Girlfriends
🌍 Human News: Longevity Habits, Unemployment Rates, Math Crisis
💭 Ideas & Analysis: AI Tooling and Reading
🎨 Hacker Art by Rez0
🛠️ Discovery: New Tools and Insights
👥 Managerial Pitfalls: Transitioning Roles
👜 Birkin Bag Economics: The World’s Most Expensive Handbag
🔭 Tool & Article Discovery
➡️ The Recommendation of the Week
🗣️ The Aphorism of the Week

MY WORK

💡 Burnout and Addiction 
My latest short essay on how burnout and addiction may have a
similar cause—and a similar solution.
UL

RSS Live
🚦 Our RSS feed is live again! You can hit it at
https://danielmiessler.com/rss.
FEED

SECURITY NEWS

Testing Handbook Unveiled
Trail of Bits has released the first chapter of its testing handbook,
which focuses on Semgrep. The handbook aims to provide
comprehensive guidance on testing methodologies, starting with static
analysis.
TRAILOFBITS

CISA IDOR Vulnerability Warning
In collaboration with the Australian Cyber Security Centre and U.S.
National Security Agency, CISA has issued a warning about the significant
breach risks associated with insecure direct object reference (IDOR)
vulnerabilities in web applications. These vulnerabilities, which can lead
to unauthorized access and data breaches, have been exploited in several
incidents, resulting in the compromise of personal, financial, and health
information of millions of users.
BLEEPINGCOMPUTER 

Lazarus Hacks IIS 
The North Korean Lazarus hacking group is breaching Windows
Internet Information Service (IIS) web servers to distribute malware. The
group is leveraging poorly protected IIS services, with the main advantage
being the ease of infecting visitors of websites or users of services hosted
on breached IIS servers owned by trustworthy organizations.
BLEEPINGCOMPUTER

   

Sponsor

🔐 Opal, scalable identity security 🔐

🧍🏼Opal is designed to give teams the building blocks for identity-first
security: view authorization paths, manage risk, and seamlessly apply
intelligent policies built to grow with your organization.

They are built from the ground up to synthesize the data needed to
construct and monitor all of your company’s access – from a single pane of
glass.

🛡️Opal is used by best-in-class security teams today, such as Blend,
Databricks, Drata, Figma, Scale AI, and more. There is no
one-size-fits-all when it comes to access, but they provide
the foundation to scale least privilege the right way.

👉opal.dev/demo👈



   

North Korean Hackers 
North Korean hackers made a mistake that exposed their
real-world IP addresses during a recent intrusion at enterprise software
company JumpCloud. Mandiant, assisting one of JumpCloud’s affected
customers, attributed the breach to North Korea’s Reconnaissance General
Bureau, a hacking unit that targets cryptocurrency companies and steals
passwords.
TECHCRUNCH

China’s Disinformation Tactics 
China is reportedly using fake social media accounts linked to
transnational criminal groups to spread propaganda and disinformation.
According to the Australian Strategic Policy Institute, these accounts are
connected to a network promoting Warner International Casino, an online
gambling platform operating in Southeast Asia.
THERECORD

Yamaha Cyberattack 
Yamaha’s Canadian music division recently confirmed a cyberattack,
following claims from two different ransomware groups that they had attacked
the company. The trend of victim organizations being posted by multiple
ransomware groups is becoming increasingly common, with Yamaha being the
latest example.
THERECORD

Norway’s Government Breach 
Hackers exploited a zero-day vulnerability in Ivanti’s
software, compromising a dozen Norwegian government agencies. The
vulnerability, tracked as CVE-2023-35078, received the highest CVSS score of
10, indicating a critical bug.
THERECORD

AI Phishing Attempts 
ChatGPT and other AI assistants like Meta’s Llama 2 are being
tested for their potential use in phishing scams. While Llama 2 has built-in
restrictions against such misuse, ChatGPT produced a convincing email
template without pushback.
TALOSINTELLIGENCE

TSA’s CLEAR Concerns 
The TSA is cracking down on the CLEAR program, which expedites
airport security using biometrics, due to a security incident last year. The
incident revealed that CLEAR’s facial-recognition system was vulnerable to
abuse, with nearly 49,000 customers enrolled
despite being flagged as non-matches by the software. Big Yikes.
VIEWFROMTHEWING

Militia Extremism
The FBI has released a reference guide on Militia Violent Extremists
(MVEs), detailing their ideologies, targets, tactics, and key terms. MVEs
are anti-government extremists who believe in using force to protect
against perceived threats to their rights and the Constitution, often
referencing conspiracy theories and historic grievances.
PUBLICINTELLIGENCE 

Propaganda Escalation
Shanghai-based marketing firm Haixun has allegedly taken its
pro-China influence campaign to new heights, using newswire services, staged
protests, and billboard ads to spread propaganda in the U.S. The firm, which
has Chinese police and government agencies among its clients, was previously
associated with a campaign involving 72 fake news sites worldwide.
THERECORD 

LLM Vulnerabilities 
Researchers have disclosed potential attacks on public large language
models (LLMs), and they have a pretty slick, minimalist way of
demonstrating them on the website. The team had previously alerted companies
hosting the large closed-source LLMs they tested, highlighting the need for
further research on adversarial attacks on LLMs.
LLM-ATTACKS 

Data Brokers’ Tactics 
Data brokers are now selling license plate location and
analytics data. This new trend has raised concerns about privacy and the
potential misuse of such information.
HACKERNEWS

AI Policing 
An AI-equipped police van in Hampshire, UK, has been successful
in identifying drivers using mobile phones and committing other traffic
violations. During a week-long operation, the van detected 86 drivers using
a phone, 273 not wearing seat belts, and 132 mechanical offenses.
BBC

Vulnerabilities:

  • 🪳Critical Fortinet Vulnerability
    — A critical remote code execution vulnerability has been discovered in
    Fortinet’s FortiGate. | Critical | CVE-2023-27997 |
    REDDIT

  • 🪳MikroTik Vulnerability
    Over 900,000 MikroTik routers are at risk due to a ‘Super Admin’
    privilege elevation that’s exploitable with an existing admin account.
    The problem is that the RouterOS operating system does not prevent
    password brute-force attacks. | Critical | CVE-2023-30799 |
    BLEEPINGCOMPUTER

TECHNOLOGY NEWS

Startup Decline 
The entrepreneurial landscape is witnessing a concerning trend
– a steep decline in the formation of new startups. Data from Crunchbase
shows an estimated decrease of about 86% in the US, 89% in Israel, and 87%
in the EU from 2020 to 2023. Those are insane numbers! I’m hoping that means
it’s a better climate for people who actually do start a business?
CRUNCHBASE

iPhone Dominance 
US iPhone market share has spiked to 55% in Q2, largely due to
a significant drop in Android smartphone shipments. The overall US
smartphone market saw a 24% year-on-year decline in shipments, with Apple’s
smaller 6% drop allowing it to increase its market share. It takes a while
sometimes, but quality and consistency eventually win out in the
marketplace.
9TO5MAC

AI Girlfriends Trend 
AI girlfriends are ascending, with many articles discussing the
implications of the trend on society and human relationships. The under-30
demographic, being the most tech-savvy and likely to be single, is turning
to virtual companionship, with 63% of men under 30 describing themselves as
single, compared to 34% of women in the same age group.
INNOVATIONNATION

HUMAN NEWS

Longevity Habits 
A new study suggests adopting eight healthy lifestyle choices
at age 40 could add up to 24 years to your life. The study, analyzing data
on US veterans, found that even starting these habits at age 50 or 60 could
add 21 and 18 years to your life respectively. The list seems quite
approachable, actually.
CNN

Record Low Unemployment 
Unemployment rates are hitting record lows in 17 states across
the US, reflecting a thriving national job market. According to the Bureau
of Labor Statistics, states like New Hampshire and South Dakota have the
lowest unemployment rates at 1.8%. I’ve yet to hear a clear and convincing
argument for why unemployment is so low but people are still saying it’s
impossible to find a job.
AXIOS

California’s Math Crisis 
California’s Board of Education has approved a new set of
recommendations, the California Mathematics Framework (CMF), which critics
argue de-emphasizes mathematical excellence in favor of minimizing racial
inequity. The CMF discourages teaching algebra until high school, ends
advanced courses until high school, and foregrounds “equity” at the expense
of teaching math basics like addition and subtraction.
THEFP

Japan’s Population Decline 
Japan’s population crisis is worsening, with the number of
nationals dropping by over 800,000 last year, reflecting trends seen in
other East Asian countries. The total population as of January 1 this year
stood at 125.4 million, including both Japanese and foreign residents,
according to data from Japan’s internal affairs ministry.
CNN

Resilient Economy 
The American economy continues to grow at a healthy pace,
showing resilience in the face of the fastest interest rate tightening cycle
since 1970. Adjusted for inflation, GDP increased at a 2.4% annualized rate
in the second quarter, picking up from Q1’s 2% pace.
AXIOS

IDEAS & ANALYSIS

AI Tooling Will Be Like Reading for Fun
I had the sad thought
recently that AI tooling will be, and already is actually, a lot like
reading. Yes, it’ll be available to most everyone in the US, but only a
subset of people will take advantage. I know lots of smart people, with tons
of intellect and potential. But they don’t read. They don’t work out. They
don’t spend their time grinding. AI tools will likely be yet another thing
they won’t do. The result of this will be that small group of grinders
pulling that much further away from everyone else. Because now they’re not
only reading and grinding, but they’re doing so augmented by automation and
intelligence. I guess I should have anticipated that, but I’m still hopeful
that we’ll find a way, perhaps with AI’s help, to bring the optimizations to
far more people.

NOTES

My buddy Joseph Thacker just launched his new Hacker Art site,
Hackersbyrez0.com. It’s hundreds of his own insanely creative AI Art images
of various types of hacker, and they’re all free to use! And every time you
refresh you get a different collection!
HACKERSBYREZ0

DISCOVERY

⚒️ File Change Monitor — A tool that detects changes in JavaScript files
and notifies users when new API endpoints are added. It’s a convenient way
to monitor updates on various websites. | by cablej | GITHUB

⚒️ cdncheck — A utility tool for identifying the technology associated with
DNS/IP network addresses. It’s easy to use and extendable, supporting CDN,
Cloud, and WAF detection. | by ProjectDiscovery | GITHUB

⚒️ JSMon — A JavaScript Change Monitor for BugBounty. This tool allows you
to configure a number of JavaScript files on websites that you want to
monitor. When these files change, you are notified via Telegram with a link
to the script, the changed file sizes, and a diff file to inspect the
changes. | by r0bre | GITHUB

⚒️ Tree-of-Thought — A new reasoning method implemented in
Langchain_experimental, originally conceptualized by Shunyu Yao and brought
to life by Vadim Gubergrits. | TWITTER

⚒️ CV Analyser — A simple tool that compares your CV to the job description
and provides recommendations to improve it, increasing your chances of
landing an interview. | by Oli from GPTDevs | TWITTER

⚒️ Agent Iterators — LangChain has introduced a feature that allows agents
to run as iterators, enabling execution of a single step at a time with
custom logic in between. | by @SlapDron3 and @lacicocodes | TWITTER

Managerial Pitfalls 
Charity Majors discusses the potential downsides of
transitioning from an individual contributor (IC) to a managerial role,
highlighting the challenges and trade-offs that come with the territory.
Majors emphasizes that management requires a different skill set, often
leading to less direct creation, more responsibility, and a shift in
work-life balance.
CHARITY.WTF

Fine-Tuning Power 
Lucas Pauker’s article explores the potential of fine-tuning in
large language models (LLMs). He emphasizes the transformative
effect of fine-tuning, comparing it to the difference between a general
practitioner and a specialist doctor.
HACKERNEWS

Broken RF
My buddy Matt Johansen wrote an epic thread about the vulnerabilities
discovered in encrypted radio communications.
TWITTER

Birkin Bag Economics 
The Birkin bag, designed by Hermès’s chief executive Jean-Louis
Dumas for actress Jane Birkin in 1983, has become the world’s most expensive
handbag, with prices starting at $7,000. The bag’s high cost is attributed
to its exquisite craftsmanship, with each bag taking up to 18 hours to
complete, and the brand’s strategy of rationing by queue rather than price,
creating a perception of exclusivity.
ECONOMIST

Ancient Worms Revived 
Scientists have managed to revive ancient worms from permafrost
after a staggering 46,000 years.
NYTIMES

RECOMMENDATION OF THE WEEK

Realize that you are enough.

It’s fine to want to improve yourself, and to even obsess over doing so.
That’s fine. But it shouldn’t come from a belief that how you are is somehow
wrong or bad. And it most definitely shouldn’t come from the outside.

You are enough.

APHORISM OF THE WEEK

When good people pretend uncomfortable truths don’t exist—and attack those
who acknowledge them—they empower the hateful to gain office and commit
legalized atrocities.

We’ll see you next time,

May 23, 2025
