Unsupervised Learning NO. 392
Trail of Bits Testing Handbook, Startups Freefall, and Chinese Propaganda Escalation…
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.
Hey there, Happy Monday!
I’m spending most of my time improving my autonomous agents, coding on our product, and prepping for Vegas. Saw this great Tweet from Jake Williams about picking the right tool for the job, and thought it was worth sharing.
What's the best EDR?
Well, that depends entirely on your use case...
— Jake Williams (@MalwareJake)
Jul 25, 2023
Have a great week!
In this episode:
💡 Burnout and Addiction: A New Perspective
🚦 UL RSS Live: Stay Updated
🔍 Security News: Testing Handbook, IDOR Vulnerability, Lazarus Hacks
📈 Technology News: Startup Decline, iPhone Dominance, AI Girlfriends
🌍 Human News: Longevity Habits, Unemployment Rates, Math Crisis
💭 Ideas & Analysis: AI Tooling and Reading
🎨 Hacker Art by Rez0
🛠️ Discovery: New Tools and Insights
👥 Managerial Pitfalls: Transitioning Roles
👜 Birkin Bag Economics: The World's Most Expensive Handbag
🔭 Tool & Article Discovery
➡️ The Recommendation of the Week
🗣️ The Aphorism of the Week
Testing Handbook Unveiled
Trail of Bits has released the first chapter of its testing handbook, which focuses on Semgrep. The handbook aims to provide comprehensive guidance on testing methodologies, starting with static analysis. TRAILOFBITS
CISA IDOR Vulnerability Warning
In collaboration with the Australian Cyber Security Centre and U.S. National Security Agency, CISA has issued a warning about the significant breach risks associated with insecure direct object reference (IDOR) vulnerabilities in web applications. These vulnerabilities, which can lead to unauthorized access and data breaches, have been exploited in several incidents, resulting in the compromise of personal, financial, and health information of millions of users. BLEEPINGCOMPUTER
Lazarus Hacks IIS
The North Korean Lazarus hacking group is breaching Windows Internet Information Services (IIS) web servers to distribute malware. The group is leveraging poorly protected IIS services, with the main advantage being the ease of infecting visitors of websites or users of services hosted on breached IIS servers owned by trustworthy organizations. BLEEPINGCOMPUTER
North Korean Hackers
North Korean hackers made a mistake that exposed their real-world IP addresses during a recent intrusion at enterprise software company JumpCloud. Mandiant, assisting one of JumpCloud’s affected customers, attributed the breach to North Korea’s Reconnaissance General Bureau, a hacking unit that targets cryptocurrency companies and steals passwords. TECHCRUNCH
China's Disinformation Tactics
China is reportedly using fake social media accounts linked to transnational criminal groups to spread propaganda and disinformation. According to the Australian Strategic Policy Institute, these accounts are connected to a network promoting Warner International Casino, an online gambling platform operating in Southeast Asia. THERECORD
Yamaha's Canadian music division recently confirmed a cyberattack, following claims from two different ransomware groups that they had attacked the company. The trend of victim organizations being posted by multiple ransomware groups is becoming increasingly common, with Yamaha being the latest example. THERECORD
Norway's Government Breach
Hackers exploited a zero-day vulnerability in Ivanti's software, compromising a dozen Norwegian government agencies. The vulnerability, tracked as CVE-2023-35078, received the highest CVSS score of 10, indicating a critical bug. THERECORD
AI Phishing Attempts
ChatGPT and other AI assistants like Meta's Llama 2 are being tested for their potential use in phishing scams. While Llama 2 has built-in restrictions against such misuse, ChatGPT produced a convincing email template without pushback. TALOSINTELLIGENCE
TSA's CLEAR Concerns
The TSA is cracking down on the CLEAR program, which expedites airport security using biometrics, due to a security incident last year. The incident revealed that CLEAR's facial-recognition system was vulnerable to abuse, with nearly 49,000 customers enrolled despite being flagged as non-matches by the software. Big Yikes. VIEWFROMTHEWING
The FBI has released a reference guide on Militia Violent Extremists (MVEs), detailing their ideologies, targets, tactics, and key terms. MVEs are anti-government extremists who believe in using force to counter perceived threats to their rights and the Constitution, often referencing conspiracy theories and historic grievances. | PUBLICINTELLIGENCE
Shanghai-based marketing firm Haixun has allegedly taken its pro-China influence campaign to new heights, using newswire services, staged protests, and billboard ads to spread propaganda in the U.S. The firm, which has Chinese police and government agencies among its clients, was previously associated with a campaign involving 72 fake news sites worldwide. | THERECORD
Researchers have disclosed adversarial attacks on public large language models (LLMs), and they have a pretty slick, minimalist way of demonstrating them on the website. The team had previously alerted the companies hosting the large closed-source LLMs they tested, highlighting the need for further research on adversarial attacks against LLMs. LLM-ATTACKS
An AI-equipped police van in Hampshire, UK, has been successful in identifying drivers using mobile phones and other traffic violations. During a week-long operation, the van detected 86 drivers using a phone, 273 not wearing seat belts, and 132 mechanical offenses. BBC
🪳 MikroTik Vulnerability
Over 900,000 MikroTik routers are at risk due to a 'Super Admin' privilege escalation that is exploitable from an existing admin account. The underlying problem is that the RouterOS operating system does not prevent password brute-force attacks. | Critical | CVE-2023-30799 | BLEEPINGCOMPUTER
The entrepreneurial landscape is witnessing a concerning trend - a steep decline in the formation of new startups. Data from Crunchbase shows an estimated decrease of about 86% in the US, 89% in Israel, and 87% in the EU from 2020 to 2023. Those are insane numbers! I’m hoping that means it’s a better climate for people who actually do start a business? CRUNCHBASE
US iPhone market share has spiked to 55% in Q2, largely due to a significant drop in Android smartphone shipments. The overall US smartphone market saw a 24% year-on-year decline in shipments, with Apple's smaller 6% drop allowing it to increase its market share. It takes a while sometimes, but quality and consistency eventually wins out in the marketplace. 9TO5MAC
AI Girlfriends Trend
AI girlfriends are ascending, with many articles discussing the implications of the trend for society and human relationships. The under-30 demographic, being the most tech-savvy and the most likely to be single, is turning to virtual companionship, with 63% of men under 30 describing themselves as single, compared to 34% of women in the same age group. INNOVATIONNATION
A new study suggests adopting eight healthy lifestyle choices at age 40 could add up to 24 years to your life. The study, analyzing data on US veterans, found that even starting these habits at age 50 or 60 could add 21 and 18 years to your life respectively. The list seems quite approachable, actually. CNN
Record Low Unemployment
Unemployment rates are hitting record lows in 17 states across the US, reflecting a thriving national job market. According to the Bureau of Labor Statistics, states like New Hampshire and South Dakota have the lowest unemployment rates at 1.8%. I’ve yet to hear a clear and convincing argument for why unemployment is so low but people are still saying it’s impossible to find a job. AXIOS
California's Math Crisis
California's Board of Education has approved a new set of recommendations, the California Mathematics Framework (CMF), which critics argue de-emphasizes mathematical excellence in favor of minimizing racial inequity. The CMF discourages teaching algebra before high school, withholds advanced courses until high school, and foregrounds "equity" at the expense of teaching math basics like addition and subtraction. THEFP
Japan's Population Decline
Japan's population crisis is worsening, with the number of nationals dropping by over 800,000 last year, reflecting trends seen in other East Asian countries. The total population as of January 1 this year stood at 125.4 million, including both Japanese and foreign residents, according to data from Japan's internal affairs ministry. CNN
The American economy continues to grow at a healthy pace, showing resilience in the face of the fastest interest rate tightening cycle since 1970. Adjusted for inflation, GDP increased at a 2.4% annualized rate in the second quarter, picking up from Q1's 2% pace. AXIOS
IDEAS & ANALYSIS
AI Tooling Will Be Like Reading for Fun
I had the sad thought recently that AI tooling will be, and already is actually, a lot like reading. Yes, it’ll be available to most everyone in the US, but only a subset of people will take advantage. I know lots of smart people, with tons of intellect and potential. But they don’t read. They don’t work out. They don’t spend their time grinding. AI tools will likely be yet another thing they won’t do. The result of this will be that small group of grinders pulling that much further away from everyone else. Because now they’re not only reading and grinding, but they’re doing so augmented by automation and intelligence. I guess I should have anticipated that, but I’m still hopeful that we’ll find a way, perhaps with AI’s help, to bring the optimizations to far more people.
My buddy Joseph Thacker just launched his new Hacker Art site, Hackersbyrez0.com. It’s hundreds of his own insanely creative AI Art images of various types of hacker, and they’re all free to use! And every time you refresh you get a different collection! HACKERSBYREZ0
⚒️ cdncheck — A utility tool for identifying the technology associated with DNS/IP network addresses. It's easy to use and extendable, supporting CDN, Cloud, and WAF detection. | by ProjectDiscovery | GITHUB
⚒️ CV Analyser — A simple tool that compares your CV to the job description and provides recommendations to improve it, increasing your chances of landing an interview. | by Oli from GPTDevs | TWITTER
⚒️ Agent Iterators — LangChain has introduced a feature that allows agents to run as iterators, enabling execution of a single step at a time with custom logic in between. | by @SlapDron3 and @lacicocodes | TWITTER
Charity Majors discusses the potential downsides of transitioning from an individual contributor (IC) to a managerial role, highlighting the challenges and trade-offs that come with the territory. Majors emphasizes that management requires a different skill set, often leading to less direct creation, more responsibility, and a shift in work-life balance. CHARITY.WTF
Lucas Pauker's article explores the potential of fine-tuning large language models (LLMs). He emphasizes the transformative effect of fine-tuning, comparing it to the difference between a general practitioner and a specialist doctor. HACKERNEWS
Birkin Bag Economics
The Birkin bag, designed by Hermès's chief executive Jean-Louis Dumas for actress Jane Birkin in 1983, has become the world's most expensive handbag, with prices starting at $7,000. The bag's high cost is attributed to its exquisite craftsmanship, with each bag taking up to 18 hours to complete, and the brand's strategy of rationing by queue rather than price, creating a perception of exclusivity. ECONOMIST
RECOMMENDATION OF THE WEEK
Realize that you are enough.
It’s fine to want to improve yourself, and to even obsess over doing so. That’s fine. But it shouldn’t come from a belief that how you are is somehow wrong or bad. And it most definitely shouldn’t come from the outside.
You are enough.
APHORISM OF THE WEEK
When good people pretend uncomfortable truths don’t exist—and attack those who acknowledge them—they empower the hateful to gain office and commit legalized atrocities.
We’ll see you next time,