UL NO. 398: Storm Vuln Stacking, CloudRecon, The S-Tier Guide to AI Whispering, Full-body MRIs…
Explore the explosive separation of society into the Thriving 10% vs. the Suffering 90%, how AI is becoming an integral part of our brains, and how to defend your family's privacy
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.
I hope you’re having a good start to the week.
This week I need your help. I need you to help convince me I don’t need an espresso machine. I have enough hobbies. And this one is expensive and takes a lot of counter space. Please help deliver me from evil.
Also, I made some tweaks to the show this week; let me know what you think!
Topics, Insights, and Resources from the Neri Oxman and Lex Fridman Podcast
Simply one of the best conversations I’ve ever heard. Unspeakably beautiful and inspiring. READ IT
This Microsoft/Storm situation is a great example of stacked real-world failures. The actor used a Microsoft account consumer key to access enterprise email; that key had been inadvertently included in a crash dump due to a race condition, and the dump was later moved to a debugging environment, where it was compromised. Or as they say in the offsec space, lows and mediums can become criticals with the right situation/patience/timing. MSRC
China's state-affiliated hackers are getting better at using AI to create content meant to go viral on U.S. and other democracies' social networks, according to Microsoft researchers. The campaign focuses on divisive topics and has successfully engaged audiences in at least 40 languages, reaching over 103 million people. OODALOOP
Hackers are spamming iPhones with pop-ups using a Flipper Zero. They can basically keep prompting you to connect to a Bluetooth device, which stops you from being able to use the device. TECHCRUNCH
Chinese-speaking cybercriminals are running a large-scale smishing campaign in the U.S., using compromised Apple iCloud accounts to send iMessages and conduct identity theft and financial fraud. The group, known as Smishing Triad, offers ready-to-use smishing kits via Telegram for $200 a month, impersonating popular postal and delivery services in multiple countries. THEHACKERNEWS
Apple recently released updates to fix two zero-day vulnerabilities that might have been actively exploited by attackers. These bugs, identified as CVE-2023-41064 and CVE-2023-41061, affected the Image I/O framework and the Wallet function respectively. THERECORD
Zavio IP cameras have been hit with multiple critical vulnerabilities, including 34 RCEs and 7 pre-auth BoFs. | Critical | CVE-2023-3959, CVE-2023-4249 | REDDIT
Cisco has released fixes for multiple security flaws, including a critical bug in the BroadWorks platform that could allow an attacker to take control of an affected system. The most severe issue, CVE-2023-20238, has a maximum CVSS severity rating of 10.0 and could allow an unauthenticated, remote attacker to forge credentials and access an affected system. THEHACKERNEWS
The Pentagon is planning to build a massive network of AI-powered tech, drones, and autonomous systems in the next two years to counter threats from China. The project, which is expected to cost hundreds of millions of dollars, aims to develop thousands of air-, land-, and sea-based AI systems that are "small, smart, cheap." Go read Kill Decision by Daniel Suarez if you haven’t yet. This shit is happening in real-time. THEVERGE
Cars are officially the worst product category for privacy, according to a review by Mozilla. The review highlighted that cars collect a significant amount of personal data, often without clear user consent or control. MOZILLA
Meta disrupted two major covert influence operations from China and Russia, blocking thousands of accounts across its platform. The Chinese network, linked to individuals associated with Chinese law enforcement, posted content about China, criticism of the U.S., and Western foreign policies, while the Russian operation mimicked mainstream news outlets to post fake articles weakening support for Ukraine. I’d love to see a list of these campaigns somewhere. Wouldn’t it be cool to see all the various propaganda that we’re being exposed to, and the themes they’re trying to push? THEHACKERNEWS
North Korean state hackers have targeted security researchers with at least one undisclosed zero-day exploit. This campaign is similar to one exposed in January 2021, where the same actors used social media platforms to initiate contact with their targets. BLEEPINGCOMPUTER
Swatting (where someone calls a SWAT team to raid your house) is becoming an issue beyond just the gaming world. THERECORD
MITRE and CISA have launched an open-source tool that simulates attacks on operational technology (OT). The tool, an extension for the Caldera platform, was developed to help identify and patch vulnerabilities in critical infrastructure systems like transportation, water, and electricity facilities. OODALOOP
The National Security Agency (NSA) has wrapped up a strategic study on how to use artificial intelligence (AI) and machine learning (ML) for its missions. The study, led by Gen. Paul Nakasone, explores the potential use of generative AI and ML in various missions and their impact on NSA workers. DEFENSEONE
The IRS is using artificial intelligence to catch tax evasion, focusing on big players like hedge funds, private equity groups, and real estate investors. Once this gets going they are going to find so much more income this way. NYTIMES
MBA students competed against ChatGPT to come up with the most innovative ideas. The results weren’t even close. People who don’t believe AI has creativity need to really introspect on what that means if it can win competitions like these. It’s very much like the No True Scotsman fallacy, where any challenge that humans lose “doesn’t test the real thing”. WSJ
Huawei's new smartphone, powered by an advanced Chinese-made chip, has raised interest and policy questions globally. The chip is more advanced than any previously produced in China, challenging Biden's trade policy aimed at blocking China from acquiring cutting-edge computer chips. POLITICO
Horace Dediu's piece at Asymco reveals that an iPhone customer is economically 7.4 times more valuable than an Android customer, a significant increase from the 4x rule he had a decade ago. Sounds cool, but this just means iPhone people click more and buy more. ASYMCO
China's central government officials have been told to ditch their iPhones at work, as part of a bigger plan to limit foreign influence. Apple, and the US in general, better hope this doesn’t turn into a nationwide ban. Seems unlikely, but the prospect is terrifying. TECHCRUNCH | 9TO5MAC
Grindr just lost nearly half its staff due to a strict return-to-office rule implemented over two days. Half. Half said no thanks. But like I said before, that might have been the number they were looking for. BLOOMBERG
Apple is supposedly dropping millions daily on artificial intelligence, working on multiple AI models across several teams. Put it in Siri or it didn’t happen. By Tuesday if possible. Thanks. THEVERGE
Occidental Petroleum is investing billions in technology to extract carbon dioxide from the atmosphere, a move that's both hopeful and controversial. The American oil company plans to store some of the captured carbon underground, but also use some to extract more oil, causing a divide among climate advocates. NPR
Morocco is reeling from a devastating earthquake that has claimed over 2,100 lives and left thousands more critically injured. The quake's epicenter was in the rural Atlas Mountains, making rescue efforts challenging due to damaged roads and remote communities. NBCNEWS
Silicon Valley's wealthy are increasingly turning to full-body MRIs as a preventive health measure, despite no official medical body sanctioning the practice. $2,500? I’m doing it. WASHINGTONPOST
Goldman Sachs has revised the odds of a US recession next year, dropping it to a mere 15%. This comes as a positive outlook amidst the economic uncertainties. FOXBUSINESS
Gen Z is increasingly opting out of college, with four million fewer teenagers enrolling in 2022 than in 2012. I wonder how much of this has to do with ChatGPT. Like why learn stuff anymore? Not saying that’s valid, but it could be a factor? BUSINESSINSIDER
Semaglutide, marketed as Ozempic and Wegovy, is showing promise beyond just diabetes control and weight loss. New research indicates it also has cardiovascular benefits, potentially improving life quality for overweight heart patients. In a trial involving over 500 patients, those receiving weekly semaglutide injections for a year saw reduced symptoms and improved physical abilities. WIRED
Despite the increasing popularity of therapy in the US, suicide rates have risen by about 30% since 2000, and almost a third of US adults now report symptoms of either depression or anxiety. That’s around three times as many as in 2019. But we don’t know how much worse (or better) it’d be if we weren’t doing the therapy. Like is the therapy just uncovering what was underreported before? Or is this net new? TIME
Childless not by choice, men like Robert Nurden experience a deep sense of grief and isolation, often heightened on occasions like Father's Day. Research by Dr. Robin Hadley reveals that 25% of men over 42 do not have children, and half of those who wanted to be fathers describe significant grief and societal isolation. THEGUARDIAN
New York City's Local Law 18 has effectively made the city's roughly 38,500 Airbnb listings illegal, limiting short-term rentals to situations where the host is present and there are no more than two guests. REASON
My friend Caleb Sima created a presentation on how he protects his and his family's safety and privacy. He outlines his two-phase approach of "Lockdown" and "Disappearing", and discusses the importance of privacy in security, the creation of various personas, and the use of services like Privacy.com, Private Mailbox, VOIP Service, and Fastmail. SIMA
A UL member tested GPT-3.5, Claude 2, and GPT-4 to see which AI model is best at threat modeling. GPT-4 came out on top, proving less sensitive to changes in prompts and capable of building robust threat modeling automation with the right assumptions. XVNWP
Just finished reading Darkness at Noon, and am now reading Man’s Search for Meaning and The Gulag Archipelago. I think Man’s Search for Meaning is going to be one of my favorite books of all time. The intro basically sets up my exact approach to meaning and stoicism and the like.
IDEAS & ANALYSIS
AI = Augmentation Infrastructure
Terminal background ftw
AI is doing a lot for me. I’m building a product using it. I think about it a lot. And I think it’ll massively impact our future. But the most practical thing it’s doing for me is augmenting my life. To me it’s augmentation infrastructure. What you see above is the list of APIs (and their associated CLI commands) that I’ve built to do things since November. My latest one is the vidcon one, which stands for “video conversation”. It lets me extract wisdom from transcripts. It’s godlike. The Neri Oxman conversation summary was created using a version of this. Point is: I don’t see AI as a standalone tool. I see it as part of my brain that’s not yet fully integrated. But I’m working on it!
⚒️PromptTools Unveiled Hegel AI has launched PromptTools, a set of free, open-source tools for testing and experimenting with prompts. The tools can be used to run experiments in notebooks, turn evaluations into unit tests, and integrate them into your CI/CD workflow via Github Actions. PROMPTTOOLS
⚒️CloudRecon Unveiled CloudRecon is a new suite of tools designed to help red teamers and bug hunters find ephemeral and development assets in their campaigns. The tool, written in Go, includes three parts: Scrape, Store, and Retr, each serving different functions in the process of scanning IP addresses or CIDRs and inspecting SSL certificates. GITHUB
⚒️Text Generation Web UI The Gradio web UI for Large Language Models, developed by oobabooga, aims to become the go-to tool for text generation, supporting multiple model backends and offering features like custom chat characters, markdown output with LaTeX rendering, and an API for websocket streaming. The project, which received a generous grant from Andreessen Horowitz in August 2023, offers detailed documentation for users and invites contributions from the community. GITHUB
⚒️Flipper Zero Compilation CyberSecurityUP has compiled a comprehensive list of resources about Flipper Zero, a Tamagotchi-like device for hackers. This GitHub repository includes everything from user manuals to hardware specs. GITHUB
📝LLM Testing A developer tested over 60 large language models (LLMs) with a set of 20 prompts to gauge their performance in real-world workflows. The results, stored in a SQLite database, offer insights into each model's capabilities in basic reasoning, instruction following, and creativity. BENCHMARKS
AI Tool Mastery Microsoft is working on a project to teach large language models (LLMs) how to use digital tools, potentially supercharging AI capabilities. The project aims to compile millions of APIs, enabling AI to perform tasks ranging from ordering pizza to solving complex equations. SCHNEIER
AI Cloning Delphi, an AI company, has developed a technology that can clone your voice and mannerisms, making a digital version of you. The technology uses machine learning algorithms to analyze your voice and facial expressions. DELPHI
Undetectable AI Undetectable AI is a new tool that transforms AI-generated content, which often gets flagged, into high-quality writing that's indistinguishable from human work. Their AI solution ensures flawless text that resonates with your audience, making it a game-changer for content creators. UNDETECTABLEAI
AI Podcast Search Mckay Wrigley has developed an AI tool that can semantically search a podcast in real-time. This innovative technology could revolutionize how we interact with audio content. TWITTER
Le Guin's Wisdom Ursula Le Guin, the renowned author, had three guiding questions above her desk: Is it true? Is it necessary or at least useful? Is it compassionate or at least unharmful? These precepts served as her starting point for writing. HACKERNEWS
Automated Newsletters The author shares his experience of creating a bespoke newsletter service, using Google App Engine, Falcon, gunicorn, Firestore, SendGrid, and jinja2. He discusses the challenges faced, including managing deployment secrets, setting up billing, and dealing with SendGrid's outage, but also the ease of not having to worry about administering a database or managing SSL. AXLEOS
Buffett's Life Lessons Jimmy Buffett's songs, like 'Margaritaville', have always been about more than just good times and margaritas; they're about life, friendship, and even death. His lyrics, now archived in the Library of Congress, continue to inspire and teach us about the human condition. NYTIMES
Opposites Don't Attract Turns out, the old saying "opposites attract" might not be so accurate. A comprehensive analysis from CU Boulder, involving millions of couples and over 130 traits, found that partners are more likely to be similar than different. COLORADO
Slack's AI Evolution Salesforce-owned Slack is introducing Slack AI, which includes channel recaps, thread summaries, and search answers, which are designed to help users quickly catch up on important discussions and find information more efficiently. VENTUREBEAT
Risk Calculation Methods Ever wondered how researchers calculate the risk from a health risk factor? It's not as straightforward as you might think. They use different metrics like risk ratios, odds ratios, and risk differences, each with its own interpretation and application. OURWORLDINDATA
Child Gun Deaths Surge Gun deaths among children in the U.S. reached a new high in 2021, with a particularly distressing impact on communities of color. The study found that nearly 50% of children who died by firearms in 2021 were Black, and the death rate was 11 times higher for Black children compared to white children. AXIOS
AI Diplomacy Breakthrough Meta AI has developed CICERO, an AI system that outperforms 90% of human players in the game Diplomacy, which requires strategic reasoning and natural language negotiation. OODALOOP
Effective SOC Management Three CISOs share their insights on running an effective Security Operations Center (SOC) in 2023, emphasizing cost efficiency, automation, clear KPIs, and robust business continuity plans. THEHACKERNEWS
AI Adoption Accelerated McKinsey & Company and Salesforce are joining forces to expedite the adoption of generative AI in businesses across sales, marketing, commerce, and service sectors. The collaboration aims to integrate Salesforce's CRM software with McKinsey's AI and data models, offering a seamless end-to-end experience for customers. VENTUREBEAT
AI-Generated Magic Cards A group of friends built Urza's AI, a website that uses artificial intelligence to generate playable Magic the Gathering cards. The project uses a combination of language AI to generate the text of a Magic card and text-to-image AI to create the card's image based on the generated text. COHERE
Espresso Machine Love The author shares a deep affection for her Breville Barista Express espresso machine, not just for the coffee it makes, but for the satisfaction of maintaining it. The machine, priced at $700, is not the cheapest or the most elegant gadget, but it's the perfect balance of complexity and approachability. I’m starting to feel the draw of espresso, and I’m not happy about it. Must. Stay. Drip. THEVERGE
RECOMMENDATION OF THE WEEK
Read Man’s Search for Meaning. It might be one of the most important books to read for anyone. It shows how one can find meaning in the worst possible situations, and therefore, how we might find it in other situations as well.
APHORISM OF THE WEEK
More of a piece of poetry this week.
A wave gently lifted him up. It came from afar and traveled serenely onward, a shrug of infinity.