
Unsupervised Learning NO. 393

Unsupervised Learning is a Security, AI, and Meaning-focused podcast
that looks at how best to thrive as humans in a post-AI world. It combines
original ideas, analysis, and mental models to bring not just the news, but
why it matters and how to respond.

Hey there, Happy Monday!

Welcome to HackerCon week.

This is the week of BSides Las Vegas, Blackhat, and DEFCON in Las Vegas.
If you see me around come say hi. Or at least wave or nod your head from a
distance!

We’ve also completed our MVP for our first UL product, and we’ll be doing
private demos this week! We’re also doing a member meetup on Friday;
really looking forward to that one!

Anyway, have a great con week, even if you’re not in Vegas.

Let’s jump in…

In this episode:

🎉 HackerCon Week: BSides, Blackhat, DEFCON
🔒 Google’s Privacy Update: Control Your Data
🤖 AI Vulnerability: Adversarial Attacks on Chatbots
🛡️ NIST CSF Changes: Are You Ready?
📊 Breach Disclosure Rules: SEC’s New Mandate
🔧 Tech Giants’ Security Fixes: Apple, Google, Microsoft
📚 Penetration Testing Guide: Understanding Cybersecurity Risks
🤖 Google’s AI Pivot: Supercharged Assistant
📦 Musk’s Grid Warning: Invest in Energy Transition
🔭 Tool & Article Discovery
➡️ The Recommendation of the Week
🗣️ The Aphorism of the Week

MY WORK

✍️ High-Entropy Writing
My latest essay on one model for creating the best possible talks:
Surprise. I compare the concept of surprise in talks to Claude
Shannon’s entropy in information theory.
READ THE ESSAY

SECURITY NEWS

Google’s Privacy Update
Google just released a tool that lets you see how your contact information
appears in Google, and even lets you delete results as well. They updated
their “Results About You” tool, which now includes a dashboard that alerts
you when your contact information appears in Google searches, and allows you
to request removal of that information.

– The tool is available to logged-in Google users.
– Users can request removal of personal information like email, home address, or phone number.
– The dashboard is currently rolling out to users in the US.

Google also updated policies for removal of nonconsensual explicit
images.
– The tools won’t completely wipe you from Google searches, but will make personal information harder to find.
– If you don’t have a Google account, you can fill out a stand-alone removal form to make a request.
– Google sends an email where you can track the status of the request.
GOOGLE ANNOUNCEMENT | THEVERGE | THE TOOL

AI Vulnerability 
Researchers at Carnegie Mellon University have discovered a
fundamental vulnerability in advanced AI chatbots, including ChatGPT, that
can’t be patched with current knowledge. The vulnerability allows for
adversarial attacks, where a simple string of text can bypass all defenses
and prompt the AI to generate prohibited responses. Just the beginning of
this sort of stuff, to be sure. We forget how to do basic security whenever
we introduce new tech. See: network → web → mobile → cloud → IOT → AI.
WIRED

🚨New Breach Disclosure Rules 
Public companies in the US now have to disclose cyberattacks
within four days, according to new rules approved by the Securities and
Exchange Commission (SEC). The rules apply when the attack has a “material
impact” on the company’s finances, but can be delayed if disclosure risks
national security or public safety. Love this progress from the US
government.
MALWAREBYTES

   

Sponsor

 NIST CSF Changes Are Coming – Are You Ready?

In January 2023, the National Institute of Standards and Technology
(NIST) announced its intent to make new revisions to its NIST
Cybersecurity Framework (CSF) document, with an emphasis on cyber defense
inclusivity across all economic sectors.

Responding to industry requests on relevant issues, version 2.0 focuses
on international collaboration, broadening the scope of industries that
can use the CSF, and one entirely new Function.
Download our handy ebook to review the updates — and their implications for your business
— before they go live.

👉learn.hyperproof.io/2023-proposed-changes-to-nist-csf👈


Download eBook

   

🇨🇳 Chinese APTs Infiltration 
Chinese hacking teams are burrowing deep into sensitive US
infrastructure, aiming to establish permanent presences. Reports from
Kaspersky and The New York Times reveal advanced spying tools and hidden
malware used by these groups to threaten national security.
ARSTECHNICA

HackerOne Restructuring 
HackerOne, a cybersecurity company, is reducing its team by
approximately 12% due to economic challenges and underperforming new
products. CEO Marten Mickos announced the decision, stating that severance
packages will be offered to impacted employees. Interesting timing doing
this right before HackerCamp.
HACKERONE

Ivanti’s Second Patch 
Ivanti has released a patch for another critical zero-day
vulnerability that’s currently being exploited. The vulnerability, listed as
CVE-2023-35081, has a CVSS score of 7.2 and is being used in conjunction
with another vulnerability we’ve previously discussed.
MALWAREBYTES

   

Sponsor

 OPAL, Scalable Identity Security

Opal is designed to give teams the building blocks for identity-first security: view authorization paths, manage risk, and seamlessly apply intelligent policies built to grow with your organization.

🛡️Opal is used by best-in-class security teams today, such as Blend, Databricks, Drata, Figma, Scale AI, and more. There is
no one-size-fits-all when it comes to access, but they provide the
foundation to scale least privilege the right way.

👉opal.dev/demo👈


Secure Identity with Opal

   

Top Exploited Vulnerabilities 
The Five Eyes cybersecurity authorities, in collaboration with
CISA, the NSA, and the FBI, have released a list of the 12 most exploited
vulnerabilities of 2022. These vulnerabilities were primarily in outdated
software, with threat actors targeting unpatched, internet-facing systems.
BLEEPINGCOMPUTER

Marijuana and Security Clearances 
The U.S. Senate has passed a defense bill that prevents
intelligence agencies from denying security clearances based on past
marijuana use. The provision, part of the National Defense Authorization
Act, was approved despite previous opposition.
MARIJUANAMOMENT

AI Gun Detection 
ZeroEyes is using AI to detect guns in public and private
spaces, aiming to prevent shootings before they happen. The company’s
technology, which has been adopted by various institutions including the
U.S. Department of Defense and public K-12 school districts, identifies
illegally brandished guns and sends alerts to local staff and law
enforcement within seconds.
VENTUREBEAT

Worldcoin Suspended 
Worldcoin’s registration process in Nairobi was halted due to
security concerns as hundreds of people lined up to get free money. The
large crowd was deemed a “security risk”, leading to many being locked out
of the process.
BBC

TECHNOLOGY NEWS

Meta’s AI Launch 
Meta is planning to launch AI-powered “personas” in its
services, including Facebook and Instagram, as early as next month, offering
users a new way to interact with its products. The chatbots will come with
distinct personalities, like a surfer offering travel recommendations or a
bot that speaks like Abraham Lincoln. Honestly excited to see this, which
I’m not used to saying about anything Meta.
THEVERGE

Generative AI Adoption 
Generative AI is becoming a common tool in many organizations,
with a McKinsey report, based on a survey of 1,684 participants, finding
that 79% had some exposure to generative AI, with 22% using it regularly for
work. That seems very low and will definitely be low in 6 months.
VENTUREBEAT

Drone Mail Revolution 
The UK’s first drone mail service has kicked off in Orkney,
aiming to revolutionize mail services in remote communities. Alex Brown,
director of Skyports Drone Services, highlighted the benefits of this
technology in terms of efficiency, timeliness, and reduction of
emissions-producing vehicles.
BBC

Musk’s Twitter Rebrand 
Elon Musk is planning to rename Twitter to X, reminiscent of
his failed attempt to rebrand PayPal in 2000. The move is part of Musk’s
ambition to transform the social media platform into a financial
heavyweight, despite his previous unsuccessful venture with X.com, an early
internet banking startup. He really wants the letter X to happen, and this
might be the time. But only because all the Twitter competitors seem really
bad. I am interested in seeing what he does with peer-to-peer payments.
Remember, his goal is to create a China-like OneApp clone. THAT I’m excited
about, but I’ve seen no signs of it thus far.
THEVERGE

Superconductor Breakthroughs? 
A recent study suggests that LK-99, a compound of lead, copper,
and phosphate, might be a room-temperature superconductor. The research,
based on density-functional theory calculations, shows that the electronic
structure of this compound could support flat-band superconductivity or a
correlation-enhanced electron-phonon mechanism. I honestly can’t tell if
this is bunk or not. Too early to say, I think.
ARXIV | SOUTHEASTUNIVERSITY | ANDREWCOTE

AI Drive-Thrus 
White Castle is planning to roll out AI-enabled voices to over
100 drive-thrus by 2024, aiming to speed up service and reduce
miscommunication. The technology, developed in collaboration with speech
recognition company SoundHound, promises to process orders in just over a
minute.
THEVERGE

Chinese Internet Curfew 
China’s latest bid to curb internet addiction among minors
involves introducing a “minor mode” on devices, limiting access to content
and usage based on the child’s age. For instance, teens between 16 and 18
will be restricted to two hours of mobile usage each day, and all devices in
“minor mode” will be barred from internet access between 10PM and 6AM. I’m a
fan of any policy that makes smart Chinese people want to leave the country,
and I also think this might greatly help the mental health of these kids.
THEVERGE

GPT-5 Patent Filed 
OpenAI has filed a patent for GPT-5, covering a wide range of
applications from language models to speech recognition and translation. The
patent includes both downloadable software and Software as a Service (SaaS)
offerings. Can’t. Wait.
USPTO

Inworld AI’s Funding 
Inworld AI, a startup that uses AI to create smart characters
for games, has raised a new funding round at a $500 million valuation. The
round, which is expected to close later this month, will total over $50
million and includes investors like Lightspeed Venture Partners, Stanford
University, and Samsung Next.
CRUNCHBASE

Game Mode in macOS Sonoma 
Apple’s macOS Sonoma introduces a new feature called Game Mode,
which automatically boosts a game’s performance by giving it top CPU and GPU
priority when launched. This feature is part of Apple’s efforts to make Mac
more appealing as a gaming device by improving game performance and reducing
latency with wireless gaming and audio devices.
MACWORLD

AI-Powered Malware 
HYAS Labs has developed a proof-of-concept for a new type of
malware, EyeSpy, that uses artificial intelligence to autonomously choose
targets, strategize attacks, and adapt its code in real-time. This
“cognitive threat agent” represents a potential evolution in cyber warfare,
capable of reasoning, learning, and adapting on its own. This is an early
look at the future of automated attack. Super exciting. And scary of course.
Those go together.
HYAS

AI-Driven Drone 
Artificial intelligence software successfully piloted an XQ-58A
Valkyrie drone in a test flight, marking a significant step forward in
unmanned aircraft technology. The flight was the result of two years of work
and a partnership with Skyborg Vanguard, aimed at creating unmanned fighter
aircraft.
OODALOOP

HUMAN NEWS

Wind Farm Development 
Scotland has cut down over 16 million trees to make way for
wind farms. Feels like too many. Something about cutting noses and spiting
faces.
MSN

State Farm Exits California 
State Farm, the largest insurer in California, is pulling out
of the state, no longer offering new coverage. This move is part of a larger
trend of insurance companies retreating from areas prone to climate-related
disasters.
NYTIMES

Construction Labor Shortage 
The US construction industry is grappling with the highest
level of unfilled job openings ever recorded, struggling to attract an
estimated 546,000 additional workers in 2023 to meet labor demand. The
industry averaged over 390,000 job openings per month in 2022, a record
high, while its unemployment rate of 4.6% was the second lowest on record.
CNBC

Cancer Pill Breakthrough 
City of Hope scientists have developed a promising new
chemotherapy, AOH1996, that’s shown to annihilate all solid tumors in
preclinical research. The drug targets a cancerous variant of the protein
PCNA, disrupting DNA replication and repair in cancer cells, while leaving
healthy cells untouched. Incredible that so many tech innovations seem to be
happening at once. I hope this pans out in a significant way.
INNOVATIONORIGINS | SKYNEWS | EUREKALERT

American Life Expectancy 
Life expectancy in America is falling behind other rich
countries, with areas like Hazard, Kentucky, being hit the hardest. A study
by Jessica Ho of the University of Southern California found that from a
fairly average position in 1980, by 2018 America had fallen to dead last on
life expectancy among 18 high-income countries.
ECONOMIST

Fitch Downgrades US Debt 
Fitch Ratings has downgraded the US’s credit rating due to
concerns over governance standards, particularly around fiscal and debt
matters. The rating agency pointed out a “steady deterioration in standards
of governance over the last 20 years,” despite the recent bipartisan
agreement to suspend the debt limit until 2025.
BBC

Overdose Deaths Surge 
Drug deaths in the US reached a new high in 2022, with over
109,680 fatalities largely due to the ongoing fentanyl crisis. Preliminary
data from the Centers for Disease Control and Prevention shows an increase
of 21% in Washington state and Wyoming, while some states like Maryland and
West Virginia saw a decrease in fatalities.
OPB

Summer Covid Surge 
Covid-19 cases are on the rise again, marking an unwelcome
summer tradition. Hospitalizations increased by 12 percent to over 8,000
across the US for the week ending July 22, the first weekly increase since
the end of the federal Covid-19 public health emergency in May.
WIRED

Seoul Stabbing Spree 
A violent attack near Seoul, South Korea has left at least 12
people injured, with the suspect using his car and a knife as weapons. This
incident, occurring during rush hour in Seongnam, follows a similar stabbing
in Seoul two weeks prior.
OODALOOP

NOTES

We have our first UL product ready to demo this week! If you want to see
what I’ve stealthily been working on for the last few months, ping me and
we’ll plan a place to cross paths for a private demo!

IDEAS & ANALYSIS

Vision Before Execution
Bram Moolenaar died last week. He
created Vim and has been running it ever since. It got me thinking about
something that’s been rattling around in my brain for a while now, which is
the power of headstrong, visionary founders. Bram was one. Jobs. Musk. And
Bezos. What I think they all have in common—and bad companies lack—is a
strong Philosopher King vibe. I’m increasingly noticing that companies
aren’t failing because they can’t execute. They’re failing because nobody
agrees on what should be executed. They’re rudderless. Chaotic. Floundering.
They’re full of overly-ambitious and politically-savvy leaders who have
their own agendas, which means the company is not unified. Amazon crushed it
because Bezos knew exactly what he wanted to build, and he built it. And he
was VERY forceful about that direction and making sure people stayed on the
path. Jobs was the same way. And so was Bram. One leader for the entire run
of the project, basically. Of course, I do think this vision is necessary
but not sufficient. You can’t have vision with no execution. But in my
opinion too many people have swung that pendulum too far towards execution
in recent years. It’s very true that if you can’t execute, the vision doesn’t
matter, but if you don’t have a vision then you execute in multiple
directions simultaneously, or not at all. Personally, I’d rather be totally
unified on a clear vision and not have the resources to execute yet than be
a highly competent ball of political chaos. Anyway, here’s to Philosopher
Kings. Here’s to the people with a vision and personality strong enough to
maintain commitment to an idea amongst a thousand opposing voices. And RIP
Bram. You’ve done a great thing with your project, and with the charity it
supports.

DISCOVERY

⚒️ Promptmap
— A tool designed to automatically test prompt injection attacks on ChatGPT
instances. It generates creative attack prompts tailored for the target,
sends them to the ChatGPT instance, and determines the success of the attack
based on the response. | by Utkusen | GITHUB

⚒️ OWASP Amass
— OWASP Amass is a tool that performs network mapping of attack surfaces and
external asset discovery using open source information gathering and active
reconnaissance techniques. It’s a staple in the asset reconnaissance field,
constantly evolving and improving to adapt to new trends. | by OWASP | GITHUB

⚒️ Semgrep Rules Manager
— A tool for managing third-party sources of Semgrep rules, simplifying the
process of integrating and updating these rules in your projects. | by iosifache | GITHUB

⚒️ ReconFTW Framework
— The ReconFTW framework, developed by @six2dez1, is a comprehensive package
for subdomain finding and associated recon, offering a complete picture of an
organization’s subdomains and initiating cursory analysis. The framework
automates the entire process of reconnaissance and can run automated
vulnerability checks like XSS, Open Redirects, SSRF, CRLF, LFI, SQLi, SSL
tests, SSTI, DNS zone transfers, and more.
@six2dez1

Surprise Factor
— When writing for the public, especially a stage talk, it’s all about the
surprise factor. The author argues that people only really learn when
they’re surprised, and advises to cut out everything that’s not surprising.
SIVERS

Vim’s Abbreviations
— Vim’s “abbreviation” feature offers an effective way to automate tasks in
insert mode, from basic use cases to more complex ones. The feature allows
users to assign abbreviations with the command :ab[breviate] or :iabbrev for
insert mode, and can be used in autocommands for file-specific
abbreviations.
VONHEIKEMEN

Run Every Day
— Running one mile every day, consistently, can vastly improve your mental
and physical well-being, according to Duarte, who’s been doing it for about
two years. He argues that it’s not about the distance or pace, but about
claiming back your time and prioritizing your health.
DUARTEOCARMO

Stop Stopping at 90%
— Austin Z. Henley discusses the common issue of stopping at 90% in
projects, where the core project is complete but the final 10% of work,
often involving evangelism, documentation, and polish, is neglected. Henley
suggests activities such as presenting the work to other teams, broadcasting
an email with the takeaways, and writing a blog post about it to truly
finish a project.
AUSTINHENLEY

Vim One-liners
— Muhammad Raza shares his favorite vim one-liners that have significantly
enhanced his vim workflow, making it more productive and efficient. These
one-liners are used to edit files swiftly, saving precious time and offering
unparalleled efficiency when it comes to editing text.
MUHAMMADRAZA

AI Redirection
— AI.com, previously redirecting to chat.openai.com, now points to x.ai, a
separate company from X Corp. The two companies, however, will be
working closely together.
HACKERNEWS

Don’t Be Clever
— The author reflects on a past coding project, where he created an overly
complex, abstract class called CRUDController for a startup’s REST API.
Despite its initial efficiency, the class became a “monster” as it grew more
complex and time-consuming than simply copying code between controllers.
STITCHER

Emotion Regulation in Men
— Men often regulate their emotions through physical activities rather than
verbal expression, according to a personal account and analysis on the
Centre for Male Psychology. The author argues that this action-based
emotional regulation is not a sign of low emotional intelligence, but rather
a different approach to managing emotions, challenging theories that suggest
men are emotionally handicapped.
CENTREFORMALEPSYCHOLOGY

EDR Attack Explored
— Reddit user N3mes1s has shared a detailed guide on how to attack an
Endpoint Detection and Response (EDR) system. The post, which is part one of
a series, provides a step-by-step breakdown of the process.
RICARDOANCARANI

RECOMMENDATION OF THE WEEK

Make at least one of your walks per week a silent walk.

No tech. No music. No podcasts. No books. No conversations.

Just you and your thoughts. And ideally, just observations of your
surroundings and your thoughts, as opposed to being hijacked by your
thoughts.

Walk and observe. At least once a week.

APHORISM OF THE WEEK

❝  

I can’t think of one great human being in the arts, or in history generally,
who conformed, who succeeded, as education experts tell us children must
succeed, with their peer group.

  Madeleine L’Engle

We’ll see you next time,

May 23, 2025
