- Unsupervised Learning
- Posts
- UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets...
UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets...
What to expect at Blackhat/DEFCON, Identifying Explosives, OpenAI's new models, Llama 4 Timeline, and more...
SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI.
TOC
NOTES
Hi!
OSINT is one of my favorite hobbies, and the Pizza Index is one of my best examples of what you can do with it. Basically it’s how much pizza the Pentagon is ordering—with the implication being that they’re working late because something’s going down.
And with the stuff happening between Iran and Israel (and elsewhere), it looks like they’re quite busy. Lots of pizza and empty bars.
🚨Pizza meter is off the charts and the “bars” in DC are empty near the Pentagon. Brace yourselves.
— RealBenGeller (@RealBenGeller)
2:07 AM • Aug 3, 2024
This is why I can’t wait to fully build out my agent framework, and for agent functionality to become integrated with models / platforms (my personal prediction for 2025).
This will allow OSINT experts to take all their various sources and techniques and turn them into continuous data pipelines that they publish via API.
I’ll be publishing many of these myself. Think Pizza Index, but for thousands of different signals around different activities. So, military movements, money transfers, discussion in various forums, etc. And because they’ll be AI Augmented, they won’t just be raw data streams, but actual analysis.
It appears X may be about to initiate an attack against Y. We make this assessment based on the following:
- The following troop and vehicle movements
- The following comments made by experts with an exemplary prediction record
- These moves in the following 3 prediction markets
Based on all three of these, we estimate a 93% chance of this attack taking place within 72 hours.
Anyway, super excited about this.
Already in Vegas and we’re missing my cooled bed surface. And AC. And Neorest. But so worth it to see everyone.
Really looking forward to our UL Member meetup later this week. Going to get to see a few long-time members in person for the first time!
Dont’ forget your primary, secondary, and tertiary burner phones.
—
🚨The State of Things
Ok, given the state of the world right now—and the current stock market crash—I felt inspired to write a long stream-of-consciousness view of what’s happening in the world and how I plan on responding. It’s heavy and political and deep and personal, so only read it if you are interested in thinking and feeling things. READ IT
I don't know two shits about the Yen or the likelihood of a US recession, but what I can tell you is how I see things right now—as someone in the US—and how I am personally going to respond.
First and most obviously—things are a bit crazy. Here’s a short list.
- Riots in the UK… x.com/i/web/status/1…
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚☕️🗣️ (@DanielMiessler)
3:56 PM • Aug 5, 2024
MY WORK
A slightly upgraded version of last week’s main piece on why AI will disrupt business and society.
—
I spoke with Christine Gadsby, Head of Product Security Operations Team at BlackBerry and we talked about the Role of AI in Cybersecurity, including:
AI's real advancements, practical applications, and associated challenges, moving beyond the hype.
Enhancing Incident Response and Threat Hunting
Christine highlights AI's significant impact on enhancing incident response and threat hunting, how AI quickly analyzes vast data to identify Indicators of Compromise (IoCs), automates routine tasks, and improves decision-making with actionable insights.
And lots more…
Go check it out. WATCH THE INTERVIEW
SECURITY
Two critical ServiceNow vulnerabilities reported by AssetNote 💪 are being actively exploited. These flaws allow attackers to access databases, exfiltrate data, and read arbitrary files, and they’re currently affecting between 13k to 42k instances. MORE
A company has reportedly paid a new record-high $75 million to a ransomware group. It’s a lot of money compared to anything other than not being able to do business. MORE
DigiCert is revoking 83,000 TLS certificates due to a domain validation bug that could lead to clashes between records and subdomains. MORE
Sponsor
Dropzone AI
Hey, Daniel here.
I've seen a thousand different AI + Security startups at this point. Most are very early and/or theoretical. Some are pretty decent, and a few are impressive.
But the absolute best I've seen so far - by far - is Dropzone.ai. They’re the only company I’ve seen that’s really mastered the agent aspect of doing investigations.
It takes alerts from various tools and just starts working on them—just like a human would. Needs more data, goes and researches that. Needs to find some context? It goes and gets that.
So by the end you have a fully documented set of steps that were taken to research an alert, and a conclusion on whether or not it was malicious—all with full documentation.
I’m so impressed with it that I’m now an advisor as well.
Want to learn more and see Dropzone.ai in action? Come meet the Dropzone.ai team in person at Security Wasteland during Black Hat.
China is getting around U.S. bans on advanced AI chips through smuggling, front companies, and loopholes, ultimately allowing restricted Nvidia GPUs to flow into the country despite export controls. MORE
Ransomware attacks are rising with an 18% year-on-year increase reported by Zscaler ThreatLabz, including a record $75 million ransom paid this year. The U.S. faces nearly half of all attacks, with the U.K. being the second most targeted country. MORE
💡I’ve always considered ransomware attacks to be something we’d have to invent as a government service if it didn’t exist in the marketplace. Like as a way to test and punish bad security.
But my intuition was that after a number of years it would get harder and harder because security would increase. So if they’re still increasing, I wonder what the reason is. Are attackers moving to more vulnerable targets after others locked themselves down, or are they just getting better at finding holes, something else, or all of the above.
Probably all of the above.
If someone has more insight—or a write-up on this—on that I’d appreciate it.
A great analysis here of securing secrets in AWS outlines how to improve credentials access incrementally. The post covers using Secrets Manager and KMS to eliminate plaintext secrets from production and enhance credential management in CI/CD pipelines. MORE
A solid blog post discusses creating custom implants for evasion by building them in C, detailing server setup, client functionality, and testing against security tools. MORE
The average cost of a data breach jumped 10% to $4.88 million in 2023 according to the Cost of a Data Breach Report 2024. MORE
China is tightening its civilian drone export rules starting September 1 to prevent their use in military or terrorist activities. The new controls will target drones with IR imaging, laser guidance, and high-precision inertial measurement devices, while lifting restrictions on long-range civilian drones. MORE
AI / TECH
OpenAI has started rollout of its new ChatGPT Voice feature for ChatGPT Plus users, enabling real-time conversations with emotion detection. Initially available to a small group, it will expand to all Plus users by fall 2024. MORE
💡I am part of this initial rollout and I can tell you that the conversations with the product are far more natural now.
I talk to AI a lot using the Cove voice on ChatGPT (Cove sounds an awful lot like TARS from Iterstellar btw) and that I have mapped to double-tap and my Action Button on my phone for quick access.
Now it’s just a bit more natural sounding, although I’m getting a lot of weird artifacts in the voice which could be due to load or bandwidth issues. Not sure.
Black Hat USA 2024 Preview: AI, AI, and More AI — Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch, along with Brian Donohue, discuss the upcoming Black Hat talks they're excited about. Highlights include sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, as well as some intriguing talks with cryptic titles. MORE
California's SB-1047, the "Safe and Secure Innovation for Frontier Artificial Intelligence Models Act," aims to regulate large AI models by mandating safety measures to prevent catastrophic incidents. Critics argue that the bill's focus on existential threats could stifle current AI research and development. MORE
The EU's risk-based AI regulation began on August 1 with staggered compliance deadlines categorizing AI applications into low/no-risk, high-risk, and limited risk tiers. It imposes transparency, risk management, and penalties for violations, with standards for high-risk and powerful general-purpose AI models to be finalized by April 2025. MORE
OpenAI has launched the GPT-4o Long Output model (in limited availability), which extends its output capacity to 64,000 tokens—16 times more than the original GPT-4o. I think the best use cases for this will be things like writing long-form content. MORE
Google's experimental Gemini 1.5 Pro has claimed the top spot on the AI Chatbot Arena leaderboard, surpassing OpenAI's GPT-4 and Anthropic's Claude 3.5 with a score of 1300. I’ve personally not used it yet because I find using Google products to be excrucatingly painful—especially their AI products. MORE
Meta says it will need 10x more computing power to train Llama 4 compared to Llama 3. So impressed with how Mark has gone from Metaverse Failing to AI Winning in like a year. I credit Jujitsu. | MORE
Elliott Management is calling Nvidia a 'bubble' and says AI is 'overhyped'. They argue that the market is overly optimistic about AI's potential and Nvidia's role in it. I think it’s a bubble, but it’s a bubble like the internet in 1995. In other words, there will be a bursting of AI hype, but that’s completely unrelated to the hockeystick AI is about to produce. These are unrelated things. MORE | MY ANALYSIS
Bellingcat has put together a guide on identifying explosive ordnance (EO) in social media imagery. It covers how to verify the authenticity of images, use reverse image searches, and identify EO based on text, colors, shapes, and contextual clues. MORE
CrowdStrike is facing massive lawsuit after Blue Friday crashed over 8 million computers globally. The lawsuit claims the company made "false and misleading" statements about its software testing, leading to a 32% drop in share price and a $25 billion loss in market value. MORE
Intel is laying off over 15% of its workforce as part of a $10 billion cost reduction plan after missing quarterly earnings expectations. The company reported a $1.61 billion net loss for Q2 2024 and will not pay its dividend in the fiscal fourth quarter. MORE
Apple just posted a record-breaking Q3 2024 with $85.78 billion in revenue, surpassing analyst expectations of $84.46 billion. Not sure why Berkshire Hathaway just sold so much of it. People are saying he’s anticipating a massive sell-off and he wants to be in cash. MORE
Apple is ramping up spending to get Apple Intelligence ready for launch this fall. I’m using the beta that has it, and it’s already pretty impressive even without most of the stuff turned on. MORE
HUMANS
A lot of the world tried to push Huawei out of their infrastructure, but they’re actually getting more powerful, not less. MORE
A software company increased user engagement by 8x by drastically shortening their emails. Netlify's initial 150-word emails had a 1% reply rate, but cutting the text to 37 words boosted replies to 4%, and further reducing it to 14 words doubled that rate to 8%. Insane. Maybe the takeaway is people don’t have much time, and you should respect it. MORE
Last month, Shane Mac offered everyone at his company $25,000 to quit, and six people took it. He did this because he realized he had oversold the culture and needed to reset expectations to align with their ambitious mission of building a decentralized and secure messaging protocol. The move was part of a broader effort to rewrite their values, raise the hiring bar, and ensure only those deeply committed to the mission stayed on board. MORE
💡This is what I’ve been on about with the Alaskan Fishing Boat analogy. Companies only want fully-dedicated murderers now. Entitled people, people who are are C and B players—all of those are going to get increasingly phased out.
And AI will cut even more people who’ve been hiding in middle management and other parts of the org where they get paid tons of money to not add much value.
All the consultancies are going to use AI to come in and evaluate business operations and find all those people, and recommend to the C-team that they be fired and replaced with 1/10th their number of A-players, and AI.
Journalist Evan Gershkovich was among a group of Americans and Russian dissidents released from Russia in a seven-nation prisoner swap, the largest since the Cold War. The US and Europe released eight Russian prisoners, including hitman Vadim Krasikov. MORE
Researchers at the University of California, Santa Barbara have developed an AI model called SharkEye to help prevent shark attacks. The model uses drones to detect sharks with greater accuracy than humans, even spotting those below the water's surface. MORE
Treating failing eyesight and high cholesterol are two new ways to lower the risk of developing dementia, according to a major report. The Lancet Commission's latest findings suggest that addressing 14 health issues could theoretically prevent nearly half of all dementia cases worldwide. MORE
Self-control is about 60% heritable, meaning genes explain roughly 60% of the differences in self-control among individuals. A meta-analysis of 31 studies involving over 30,000 twins showed that identical twins are more similar in self-control than non-identical twins, highlighting the genetic influence. MORE
💡Holy crap this could be devastating if it’s supported in further studies. I worry about the narrative that both IQ and self-discipline are mostly genetic, thus giving people an easy ramp to write off individuals or groups if they have lower averages.
Luckily, even if true, 1) groups don’t define individuals, and 2) there’s likely a LOT of slack in the environmental part that we’re not—as a society—tapping into yet.
A new study reveals that people tend to alter their appearance to match their names. Researchers found that adults' faces often align with social stereotypes associated with their names, while children's faces do not show this pattern. I guess be even more careful what you name your kids? MORE
A key protein called Reelin may help stave off Alzheimer's disease. A number of new studies suggest that Reelin helps maintain thinking and memory in aging brains, and when its levels fall, neurons become more vulnerable. People are starting to work on drugs for this, obviously. MORE
Wizards of the Coast will release the 2024 Dungeons & Dragons rulebooks under a Creative Commons license, fulfilling a promise made after backlash over attempts to change the Open Gaming License. MORE
"If Novelists Wrote Your Bug Reports" imagines how famous authors would describe software bugs in their unique styles. Ernest Cline likens a screen flicker to scenes from "Back to the Future" and "Ghostbusters," while Ursula K. Le Guin philosophizes about the existential pain of coding errors. MORE
IDEAS
More analysis on how bad the results were of the recent UBI study done by Sam Altman. It appears to be pretty bad, just like we talked about last week.
A lot happened in July.
But, one event went quietly unnoticed.
The result of largest American controlled experiment in Universal Basic Income (UBI) was released.
You haven’t heard about it because the findings are terrifyingly bad. (1/12)— Athan Koutsiouroumbas (@Athan_K)
5:23 PM • Aug 2, 2024
—
A really cool idea from Jonathan Haidt about free-range kids, and a cool idea for giving them more freedom.
Here's a great collective action solution that you might be able to do in your neighborhood: Create a "play street", once a month: close off a street for 2 hours, for kids to play, for neighbors to meet. It has transformative effects!
theatlantic.com/family/archive…
— Jonathan Haidt (@JonHaidt)
11:54 AM • Aug 3, 2024
DISCOVERY
🌱Farmbot is an open-source farming machine for growing food in your own backyard. MORE
Supermemory — An AI-powered platform to organize, search, and utilize saved information, acting as a digital second brain. Key features include importing bookmarks from Twitter, saving content from any source, and retrieving info with instant answers. It's open source. | by Supermemory AI | MORE
Friend — Avi Schiffmann's new AI pendant, Friend, is designed to combat loneliness by sending you reassuring or playful texts based on what it overhears. The always-listening device, which doesn't store recordings, has been compared to an adult Tamagotchi and is available for preorder at $99. | by Avi Schiffmann | MORE
Fabric – Daniel Kossmann walks you through installing Fabric, an open-source AI framework by Daniel Miessler, on Ubuntu Linux. | by Daniel Kossmann | MORE
Fleet – An open-source version of FleetDM's tool built on Osquery for vulnerability monitoring, MDM, detection engineering, and more applications. | by Fleet | MORE
SOC2 Policy Templates – A collection of templates for SOC2 policies and procedures that can be outputted as an HTML dashboard or PDF. MORE
Clutch Security – A platform providing visibility into all non-human identities within an organization, helping security teams identify associated risks. | by Clutch Security | MORE
RECOMMENDATION OF THE WEEK
If you’re at Blackhat this week, remember that 10 and 20 years from now you won’t remember the talks you saw this year. But you will remember spending that time with your friends.
Prioritize friend-time over presentation-time.
Not only is the friend time more precious and valuable, but you can get the talks later if you really want to.
APHORISM OF THE WEEK
Friends show their love in times of trouble, not in happiness.