
 

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

   

Hey everyone,

 

   Hopefully your week is starting off better than Siri handles AC      requests.  

 

     

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler), 11:21 PM • Jul 16, 2023:

Siri quality after nearly a decade.

   

 

   I honestly don’t know how the Apple Maps guy got fired but Siri still      sucks this bad after all these years.  

 

   Anyway, we put out a new piece of member content      this weekend, I’m working on slides for talks, and progress continues on      the product we’re building. I also up-leveled my hummingbird feeder game      to four of these.  

 

I hope you’re doing well,

 

Let’s get into the week!

 

 

In this episode:

 

🚨 VoiceFake Scams on the Rise
🔑 FrontView Mirror, 2024 Edition: Trends and Preparations
🎙️ AI and Content Creation: A Discussion on The Phillip Wylie Show
🔒 Chinese Email Hack: A Sophisticated Espionage Effort
🌐 Transatlantic Data Flow: A New EU-US Data Privacy Framework
🔍 Docker Security Flaws: Sensitive Data in Docker Images
🏥 HCA Healthcare Breach: Impacting 11 Million Patients
⚖️ Orca Suing Wiz: A Case of Patent Infringement
🤖 AI-Enabled Cybercrime: The Rise of WormGPT
🐦 Twitter Struggles: Ad Revenue Plummets by Nearly 50%
🎵 TikTok Music Launches: A New Competitor for Apple Music and Spotify

 

   MY WORK  

 

   🔑 FrontView Mirror, 2024 Edition (Member Content)
My annual look at trends I’m seeing and what we can do to get ready    for them. Topics: Individual Independence, Process Primacy, and Trust    Triangulation    MORE  

 

   🎙️Talking AI and Content Creation on The Phillip Wylie Show
I went on my buddy Phillip Wylie’s podcast a few weeks ago and had a    great conversation with him about career trajectories and chasing your    desires.    MORE  

 

   SECURITY NEWS  

      

   🚨AI Voice Scams Being Deployed      — I know at least 3 normal (non-infosec) people who have been targeted by      scams using AI fakes of family member voices      in the last two weeks. The latest was a mother receiving one of the      daughter, probably faked using her voicemail. You and I are not likely to      fall for this, but be sure to tell your family and friends about the trend so they don’t fall victim.  

      

   ⚠️ Office Zero Day
Microsoft has disclosed an unpatched zero-day security bug in Windows    and Office products, exploited to gain remote code execution via malicious    Office documents. The vulnerability, known as CVE-2023-36884, was used in    high-complexity attacks targeting the NATO Summit in Vilnius, Lithuania.    MORE  

 

   🇨🇳 Chinese Email Hack 📧
Chinese hackers, suspected to be part of an intelligence operation, have breached US government email accounts, as disclosed by Microsoft. The attack was not a broad-brush intrusion but a targeted one focused on specific accounts, and it went undetected for a month, suggesting a sophisticated espionage effort.

 

- The hackers used forged authentication tokens to gain access.

 

   - Approximately 25 organizations, including government agencies, were    compromised in the attack.  

 

   - The breach could potentially exacerbate already strained US-China    relations.  

 

   - The US government has been transitioning data to the cloud for better    access and improved security.  

 

   - The breach has prompted a review of government security requirements and    protocols.    MORE  

 

   Transatlantic Data Flow
The European Union and the United States have finally struck a deal    that allows companies to freely transfer data across the Atlantic,    potentially putting an end to a three-year period of legal limbo that has    affected tech behemoths like Facebook and Google. This new agreement, dubbed    the EU-US Data Privacy Framework, comes in the wake of the EU's top court    striking down the previous data agreement, known as Privacy Shield, due to    concerns that US intelligence agencies had too much freedom to access    Europeans' personal data.    MORE  

      

   Sponsor  

 

   🛡️ Secure Your Cloud Future! ☁️  

 

   AWS Security Foundations are no longer a nice-to-have. As data, apps, and      services ascend to the cloud, you need to know more than just how to get      to the cloud, but how to do it securely.  

 

   🚀 Take off with our FREE eBook, your ultimate guide to AWS security. Discover the key principles to      fortify your AWS environment, all in a digestible, jargon-free format.      

 

   💡 Illuminate your cloud journey. Secure your business. Protect your customers. All this knowledge, just a click away.      

 

   📚 Grab your FREE AWS Security Foundations eBook      now! Let's conquer the cloud, together.      

 

   ➡️ wiz.io/lp/aws-security-foundations-for-dummies      ⬅️  


   Docker Security Flaws
Researchers at RWTH Aachen University in Germany have discovered that    approximately 8.5% of Docker images hosted on Docker Hub contain sensitive    data such as private keys and API secrets.    MORE   

 

   HCA Healthcare Breach
HCA Healthcare, one of the largest healthcare services providers in    the US, announced a significant data breach impacting approximately 11    million patients. The breach was discovered on July 5, when a threat actor    posted a list of stolen personal information on an underground forum,    including names, addresses, birth dates, and appointment dates.    MORE  

 

   AI-Enabled Cybercrime
A new tool, WormGPT, is being advertised on underground forums,    enabling even novice cybercriminals to launch phishing and BEC attacks    swiftly and at scale.    MORE  

 

   Orca Suing Wiz
Orca is suing Wiz for patent infringement. As a non-expert with exposure to both tools, this seems like a desperate measure by someone getting trounced in the marketplace. All I heard from others when I used Orca was how much better Wiz was. Note: Wiz has also sponsored the show before, and I think Orca has as well. MORE

 

   TECHNOLOGY NEWS  

 

   Twitter Struggling
Despite aggressive cost-cutting measures, including laying off half    of the company's 7,500 staff, Musk says Twitter's ad revenue has plummeted    by nearly 50%. Too early to say, but I might end up being wrong about him    turning this around. It’s looking pretty bleak, and I don’t see any signs of    him getting better at listening. Meanwhile, Threads.    MORE  

 

   Chinese AI Rivalry
China's search engine pioneer, Sogou founder Wang Xiaochuan, has    launched an open-source large language model, Baichuan-13B, through his    startup Baichuan Intelligence. This model, touted as one of China's most    promising, is based on the Transformer architecture and trained on Chinese    and English data.    MORE   

 

   Musk's AI Startup xAI
Elon Musk has unveiled his latest venture—an artificial intelligence    startup named xAI, staffed with engineers from renowned companies like    OpenAI and Google. Musk, known for his cautious stance on AI, has previously    advocated for a pause in AI development and the establishment of regulatory    measures to ensure its safe progression.  

 

- xAI's goal is to "understand the true nature of the universe."

 

- Musk was one of the original backers of OpenAI.

 

- He has criticized ChatGPT for having a liberal bias.

 

   - Musk signed an open letter calling for a pause to "Giant AI Experiments".    MORE  

 

   TikTok Music Launches
TikTok is stepping in to compete with Apple Music and Spotify with    its new platform, TikTok Music. Initially available only in Brazil and    Indonesia, the service offers unique features like song recommendations    based on viral TikTok videos.    MORE  

 

   HUMAN NEWS  

 

   Long COVID Gene
Researchers have identified a gene linked to long COVID in a    genome-wide study. The gene, FOXP4, is active in the lungs and some immune    cells, and was found in an analysis of 6,450 patients across 16 countries. I    wonder if 23andMe tracks this one.    MORE   

 

   Migration Backlash
Waves of migrants taking dangerous, unauthorized passages to Europe    and the U.S. are sparking a new rush of anti-immigrant policies and    deepening political divisions in several wealthy countries. The UN reports    that last year, a record-breaking 2.9 million new asylum applications were    submitted, the highest number since at least 2000.
   - 40% of the new applications were from Latin America and the Caribbean
   - There's been a surge in Europe, driven by migrants from Syria, northern    Africa, Iraq, Turkey
   - In the U.S., almost every 2024 Republican presidential candidate has    embraced a tough stance on border security
   - In Europe, far-right politicians are demanding tighter immigration    policies
   - The Netherlands' government collapsed over disagreements on refugee    restrictions    MORE   

 

   Banking Boom
Major US banks, including JPMorgan, Wells Fargo, and Citigroup, have    reported quarterly profits that have exceeded expectations, suggesting a    robust US economy despite interest rate hikes. The Wall Street Journal    reports that these banks have seen a combined growth of 31% in income from    interest on loans compared to the previous year.    MORE  

 

   IDEAS & ANALYSIS  

 

   Atomic vs. Molecular Ideas: On-ramps and Off-ramps
A buddy and I were talking last week about a really cool idea I am pretty sure I’ve written about before. Basically, there are individual ideas, like ‘we should protect the freedom of speech’, and then there are ideologies, like socialism and fascism. The conversation we had was around slippery people using benign ideas to onramp into a gross ideology. Example: SolarPunk being a benign idea around breaking off from greater society and technology, and returning to the foundational pleasures of working land, being close to nature, raising your own food, etc. That’s used as an onramp to a TRAD ideology in which women and minorities end up subservient to men, who often somehow end up being white. So the ideas are the atoms, and the molecules are the ideologies. And you can’t really have impactful atoms. It’s their combination that becomes something consequential. In the case of negative ideologies the discussion was about how to defend people against specious arguments that start with attractive atomic ideas, like SolarPunk, and to teach them how to watch for the onramps to harmful TRAD ideologies. Then, if someone has already been captured by such a system, what are the off-ramps? How can we break that molecule up into its individual atoms and show how it’s possible to keep the good components while discarding the bad?

 

   NOTES  

 

   So happy for my friend Tae’lur for landing her first job in InfoSec! Welcome    to the field!  

 

     

Tae’lur Alexis (@TaelurAlexis), 1:46 PM • Jul 17, 2023:

I'm happy to announce I got the job! I'll be starting as a CVE Analyst @semgrep working on their Semgrep Supply Chain product, researching vulnerabilities for their open source dependency scanner.

It's been an adventure learning cybersecurity as a software dev. I'm excited!

   

 

Congrats to my buddy Jason Haddix for completing his first full paid hacking courses! He did it over two weekends with hundreds of attendees and the reviews are INSANE as expected. Can’t wait to see more courses from you, friend! MORE

 

   We’re putting together a UL meetup in Vegas. If you’re going to be around    between Monday and Sunday, stay tuned for details in UL Chat.  

 

   I cannot recommend    this book on Stoicism    enough. I recommend you read all the various canonical books if you get into    Stoicism, but this one remains my favorite.    MORE  

 

   DISCOVERY  

 

   ⚒️    CodeBox    — Code Interpreter, but available via API. I’ve been waiting for this.    MORE    |    CODE  

 

⚒️ LazyVim — A full NeoVim setup that gives you the Vim experience with the power of a full IDE. I personally don’t use one of these environments because I’d rather do things myself, but it does give you an instant feeling for NeoVim’s potential when configured. MORE

 

   ⚒️    GPT Prompt Engineer — Simply input a description of your task and some test cases, and the    system will generate, test, and rank a multitude of prompts to find the ones    that perform the best.    MORE  

 

⚒️ FindMyTakeover — Detects dangling DNS records in a multi-cloud environment. Rather than using a wordlist, it scans all the DNS zones and the infrastructure present within the configured cloud service provider and finds the DNS records for which the infrastructure behind them no longer exists. MORE

 

   ⚒️    Top 25 Recon Tools    — A top 25 list of Recon Tools and their purposes.    MORE  

 

   📺    Web App Hacking With Caido    — A full video conversation on hacking web apps using my favorite Rust-based    Burp alternative.    MORE  

 

   ⚒️    JSLuice    — A Bishop Fox tool written by    @tomnomnom    for extracting URLs, paths, secrets, and other juicy nuggets from    JavaScript.    MORE  

 

   🗺️    Life OS Dashboard    — A super-interesting-looking Notion dashboard for life tracker types. MORE    |    VIDEO  

 

   ⚒️    AWS Docs GPT    — Search AWS Docs using an LLM.    MORE  

 

   How to securely build product features using AI APIs    MORE  

 

   Why does virtually every action hero’s name start with J?    MORE  

 

   Hacking LangChain for fun and profit    MORE  

 

   How to Do Great Work (Paul Graham)    MORE  

 

   News is Propaganda    MORE  

 

   Nobody cares about your blog, but that’s ok    MORE  

 

   
RECOMMENDATION OF THE WEEK  

 

   Go play with    OpenAI’s Code Interpreter. What is it? It’s basically an AI agent combined with tons of analysis    tools, and when you upload files or code to it you can ask it to find    patterns, make graphs, and do all kinds of crazy stuff.  

 


 

It’s best to think about it as an independent AI system with access to tons of tools. Like ChatGPT, except with octopus hands and the ability to code. When I talk about getting ready for the future, and I talk about being able to use AI tools fluently, this is the type of thing I’m talking about. And even better if you use it through an API. MORE

 

   💡Pro Tip:    If the file you want to work with is too large, you can zip it up and      send that instead! Including a whole directory! Code Interpreter will      unzip it and consume it!  

 

   APHORISM OF THE WEEK  

 ❝    

   The highest form of ignorance is when you reject something you don't know    anything about.  

   Wayne Dyer      


Thank you for reading! See you next week!