
Unsupervised Learning Newsletter NO. 351

News & Analysis

SECURITY NEWS

Cloudflare has built a service called Turnstile that lets sites replace CAPTCHAs with non-interactive checks that run without the user solving anything. For Apple users it'll be even better: on iOS 16 the device can prove it's a real device automatically, so you never see a puzzle at all. Apple made this possible with the iOS 16 release, but it required that sites make changes to get it to work. Cloudflare's new service lets sites avoid that work by just calling an API, and they don't even have to be a Cloudflare customer. Hell yeah. Killing CAPTCHA annoyance: well done. If you're trying to make us forget Kiwi Farms, it's kind of working. Now do cookie popups. MORE | DETAIL ON TURNSTILE | HOW TO ENABLE IT
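The part of Turnstile a site actually has to get right is the server side: the widget hands the browser a token, and the site must send that token to Cloudflare's siteverify endpoint and trust nothing until the answer comes back. The example below is added here and is not Cloudflare's code or anything from the newsletter. The siteverify URL, the POST fields (secret, response, remoteip) and the reply fields (success, error-codes, hostname, action) follow Cloudflare's published API; the expected hostname and action values, the secret, and the offline fake endpoint are constructed assumptions so the example runs without network access. It shows the checks a practitioner wants beyond "success is true": fail closed on network errors, reject replayed tokens, and reject tokens minted for a different site or form.

```python
"""Server-side check of a Cloudflare Turnstile token.

Added example (not Cloudflare's code, not from the newsletter). The
siteverify URL, the POST fields (secret, response, remoteip) and the JSON
reply fields (success, error-codes, hostname, action) follow Cloudflare's
published API; the expected hostname/action values, the secret and the
offline fake transport below are assumptions made for illustration.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Optional, Tuple

SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
MAX_TOKEN_LEN = 2048  # Cloudflare documents tokens as at most 2048 characters

Transport = Callable[[str, dict], dict]


def http_transport(url: str, form: dict) -> dict:
    """Real transport: POST the form and parse the JSON reply."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def verify_turnstile(token: Optional[str], secret: str, *, expected_hostname: str,
                     expected_action: Optional[str] = None,
                     remote_ip: Optional[str] = None,
                     transport: Transport = http_transport) -> Tuple[bool, str]:
    """Return (ok, reason). Only a True result should let the request through.

    The client-side widget only produces a token; nothing about it is
    trustworthy until siteverify confirms it, and even then hostname and
    action must match what this server expected, or a token minted for a
    different site or form could be replayed here.
    """
    if not token or len(token) > MAX_TOKEN_LEN:
        return False, "missing-or-oversized-token"
    form = {"secret": secret, "response": token}
    if remote_ip:
        form["remoteip"] = remote_ip
    try:
        reply = transport(SITEVERIFY_URL, form)
    except Exception as exc:  # network failure: fail closed, never fail open
        return False, f"siteverify-unreachable: {exc}"
    if not reply.get("success"):
        return False, ",".join(reply.get("error-codes") or ["unknown-error"])
    if reply.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    if expected_action is not None and reply.get("action") != expected_action:
        return False, "action-mismatch"
    return True, "ok"


class FakeSiteverify:
    """Constructed stand-in for the siteverify endpoint so the example runs
    offline. Tokens are single-use: the real service answers a second
    submission of the same token with the error code timeout-or-duplicate."""

    def __init__(self, issued: dict):
        self.issued = dict(issued)  # token -> (hostname, action), constructed
        self.redeemed = set()

    def __call__(self, url: str, form: dict) -> dict:
        token = form["response"]
        if form["secret"] != "0xSECRET-EXAMPLE":  # constructed secret value
            return {"success": False, "error-codes": ["invalid-input-secret"]}
        if token not in self.issued:
            return {"success": False, "error-codes": ["invalid-input-response"]}
        if token in self.redeemed:
            return {"success": False, "error-codes": ["timeout-or-duplicate"]}
        self.redeemed.add(token)
        hostname, action = self.issued[token]
        return {"success": True, "hostname": hostname, "action": action}


def demo() -> list:
    """Run the check against constructed tokens and return the outcomes."""
    fake = FakeSiteverify({
        "tok-login-good": ("example.com", "login"),
        "tok-other-site": ("attacker.example", "login"),
    })
    kw = dict(expected_hostname="example.com", expected_action="login", transport=fake)
    return [
        verify_turnstile("tok-login-good", "0xSECRET-EXAMPLE", **kw),  # accepted
        verify_turnstile("tok-login-good", "0xSECRET-EXAMPLE", **kw),  # replay rejected
        verify_turnstile("tok-other-site", "0xSECRET-EXAMPLE", **kw),  # minted elsewhere
        verify_turnstile("", "0xSECRET-EXAMPLE", **kw),                # no token at all
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

In production, pass `http_transport` (the default) and your real secret from configuration, and keep the hostname and action checks: the `success` flag alone only says Cloudflare issued the token, not that it was issued for your site's login form.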

There's a new Exchange zero-day, and it's being used in active attacks. It's actually two vulns chained together: an SSRF and an RCE. Both require a valid Exchange login before they can be exploited, so this is post-authentication, but any phished or leaked mailbox credential is enough to start the chain. GTSC, the company that found the issues, has linked the exploits and the attacks to China. MORE | MITIGATION STEPS

The FBI caught an ex-NSA employee trying to sell top-secret documents to a foreign government. He used an email account to send the documents to someone he believed was a foreign government representative, but it was an FBI agent. MORE | DOJ REPORT

Sponsor

🔭 ZeroFox: External cybersecurity is your first line of defense

Threat activity originates beyond the corporate perimeter. Traditional security protections have a role in a holistic cybersecurity program, but they aren’t enough. External cybersecurity allows you to look beyond the perimeter; keep your eyes on the horizon and protect your organization, your employees, and your customers sooner.

Download the External Cybersecurity Guide to learn:

  • The definition and elements of External Cybersecurity
  • Benefits of a strong external cybersecurity strategy
  • Tips to overcome barriers in the gray space
  • Specific use cases of external cybersecurity
  • And more!

zerofox.com/unsupervised-learning

Download the External Cybersecurity Guide

The US FCC is moving to ban spam text messages. MORE

Incidents

  • Auth0 says source code may have been stolen during a "security event". MORE

TECHNOLOGY NEWS

Tesla did another demo of its robot this year at its AI Day event. This time it was a real robot instead of someone in a suit, but the demo showed a surprising amount of humility. Elon and others made lots of comments about modest, steady progress, which is a change in tone from how they talk about, say, getting to Mars. Elon has said he believes robots in the home will become far more important to humans than electric cars. MORE

Google has killed off Stadia, its cloud gaming platform. Nobody is surprised, least of all me. I don't know why someone important at the company isn't asking serious questions about why so many products go from inception to graveyard in just a couple of years. It's becoming a serious trust issue. Why should I be excited about a new product offering if I can safely assume it'll be shut down soon? MORE | MY ANALYSIS

Zuckerberg has frozen hiring at Meta. The memo announcing the freeze said the budget next year would be 'very tight'. MORE

There's no longer a waitlist for DALL-E 2. MORE | SIGN UP

BMW is going to use Amazon Alexa as its in-car assistant technology. MORE

HUMAN NEWS

There were 4 explosions along the Nord Stream natural gas pipeline last week, which are widely believed to be the result of sabotage. The US and other governments blame Russia, and Russia is blaming the US. The damage will further exacerbate Europe's energy crisis heading into Winter. NYTIMES | AP EXPLAINER | KONSTANTIN KISIN ANALYSIS

CONTENT, IDEAS, & ANALYSIS

✍️ Stadia is Google's Product Strategy
Me predicting Stadia's demise as early as the week it launched, including multiple posts about why Google is so bad at product strategy and UI/UX. Kind of ranty, but in a cathartic way if you feel the same way. READ | SHARE ON TWITTER

Chess Drama
There's a massive cheating scandal in Chess right now. It's the biggest controversy in Chess history, basically. It started when a young US player known for admitting to cheating beat Magnus Carlsen, arguably the best player of all time and the current world champion. He beat him easily, and with the Black pieces, which is not easy to do. Magnus resigned shortly after and started insinuating that Hans (the guy who beat him) was cheating. What's really interesting is that the internet has now started doing deep analysis of not just Hans' games, but many GMs' games, showing how often they match the chess computer. The TLDR is that Hans has 100% matched the computer more often than anyone in history, according to the existing analysis. And most people I've seen on YouTube now think he is cheating. One of the techniques proposed includes Morse code sent to a pellet that one puts in their butt. What a shitty way to win. MORE | ANALYSIS VIDEO

More Access for Artists Means It's Harder to Get Noticed
I've been thinking a lot about meritocracy lately. Whether it's good, bad, or neutral. One of my thoughts there, which I'll turn into a full essay soon, is that meritocracy magnifies inequality. Or, to put it another way I've heard it, if there are two main reasons for outcome differences, innate talent and environment, and you equalize environment, then you will naturally see a wider distribution according to talent. Something like that is happening with it becoming easier to produce and publish music, to make art using AI tools, to make videos on YouTube, etc. It's like the more people who do it, the more the 90% fade into the background and the top 10% or the top 1% just shine even brighter. This is quite sobering to me. I'd much rather believe that meritocracy, and opening up creativity to the masses more generally, will help many more people. And I suppose it will. But perhaps not in the numbers it would need to sustain a population of people who can't compete with robots/automation in other areas. MORE

NOTES

I am reading 3 books by Will Storr right now. I started with The Status Game after seeing Will on Sam Harris' podcast, but once he mentioned his other two books at the beginning of that one I went and did those too. I finished the first one already, am mostly done with the second one, and can't wait to get back to the first one (the third one). Although I hear he has even more previous to these three. I might submit The Science of Storytelling to the book club for next month. I like it that much.

I just had a sick idea for how to display a book summary, and I'm going to build it and use it to display all of ours on the member site. Basically, I'm going to have a slider for depth, starting with a single-sentence summary like I have today. And when you slide it over to go deeper, it goes from single-sentence, to chapter points, to takeaways, to full analysis. I wish I could read all books (or at least their summaries) this way. MORE

I massively up-leveled my Apple Watch Ultra by getting a Silver Milanese Loop for it. It matches the watch pretty closely and just makes it look a lot more refined. PHOTO

I am super excited about what we're about to be bringing to members. WAY more content. Better organization of content. Just…better. Not having a separate day job is going to be spectacular in so many ways, and this is one of my favorites.

DISCOVERY

🛠️ maigret | RECON | (2K⭐️)
maigret collects a dossier on a person by username only, checking for accounts on over 2,500 sites and gathering all the available information from each source. It then turns that into a PDF and/or a mindmap for you. TOOL | by SOXOJ | CONSOLE OUTPUT

🛠️ lemmeknow | OFFSEC | (254⭐️)
lemmeknow can be used for identifying mysterious text or to analyze hard-coded strings from captured network packets, malware, or just about anything. TOOL | by SWANANDX

🛠️ nginxpwner | OFFSEC | (519⭐️)
nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. TOOL | by STARKODE | FOLLOW ON TWITTER

📜 What I Learned by Reading 200+ IDOR Reports | BOUNTY
An in-depth analysis of IDOR bounty reports, including where they're usually found, what most people get wrong about looking for them, and more. READ THE POST | by NYNAN

🔭 [Sponsor] ZeroFox: External Cybersecurity is Your First Line of Defense — Defend your company from outside your walls, before they get inside. DOWNLOAD THE EXTERNAL CYBERSECURITY GUIDE

🔎 The Q4 2022 Reddit Information Security Hiring Thread MORE

How Palantir Does Continuous Vulnerability Scanning MORE

How Corben Leo hacked a game company this year. MORE

Learning is Remembering MORE

A New York Times breakdown of white, pink, brown, and other types of "noise", and what they are being used for. MORE (Includes Sound Demos)

Cloudflare launched Radar 2.0. It's basically internet monitoring with some Security PewPew thrown in. Pretty cool if you're into that type of thing. Which I am. MORE

Inflation is affecting book printing by forcing smaller publishers to use thinner pages, shorter books, tighter typography, and other cost-saving measures. MORE

You Don't Need Scrum; You Just Need to Do Kanban Right MORE

Work on Stuff That Matters MORE

RECOMMENDATION OF THE WEEK

There are four things you want to say to loved ones before they die. 1) I love you. 2) I forgive you. 3) Please forgive me. And for parents who are dying, 4) I'm proud of you.

via Shoshana Berger and BJ Miller

APHORISM OF THE WEEK

"Man is the only creature who refuses to be what he is."

Albert Camus