UL NO. 444: Pizza Meter Intelligence, China Bypasses Bans, Securing AWS Secrets...

SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI.

TOC

• NOTES

• MY WORK

• SECURITY

• AI / TECH

• HUMANS

• IDEAS

• DISCOVERY

• RECOMMENDATION OF THE WEEK

• APHORISM OF THE WEEK

NOTES

Hi!

OSINT is one of my favorite hobbies, and the Pizza Index is one of my best examples of what you can do with it. Basically it’s how much pizza the Pentagon is ordering—with the implication being that they’re working late because something’s going down.

And with the stuff happening between Iran and Israel (and elsewhere), it looks like they’re quite busy. Lots of pizza and empty bars.

This is why I can’t wait to fully build out my agent framework, and for agent functionality to become integrated with models / platforms (my personal prediction for 2025).

This will allow OSINT experts to take all their various sources and techniques and turn them into continuous data pipelines that they publish via API.

I’ll be publishing many of these myself. Think Pizza Index, but for thousands of different signals around different activities. So, military movements, money transfers, discussion in various forums, etc. And because they’ll be AI Augmented, they won’t just be raw data streams, but actual analysis.

Anyway, super excited about this.

• Already in Vegas and we’re missing my cooled bed surface. And AC. And Neorest. But so worth it to see everyone.

• Really looking forward to our UL Member meetup later this week. Going to get to see a few long-time members in person for the first time!

• Dont’ forget your primary, secondary, and tertiary burner phones.

—

🚨The State of Things
Ok, given the state of the world right now—and the current stock market crash—I felt inspired to write a long stream-of-consciousness view of what’s happening in the world and how I plan on responding. It’s heavy and political and deep and personal, so only read it if you are interested in thinking and feeling things. READ IT

MY WORK

A slightly upgraded version of last week’s main piece on why AI will disrupt business and society.

—

I spoke with Christine Gadsby, Head of Product Security Operations Team at BlackBerry and we talked about the Role of AI in Cybersecurity, including:

• AI's real advancements, practical applications, and associated challenges, moving beyond the hype.

• Enhancing Incident Response and Threat Hunting

• Christine highlights AI's significant impact on enhancing incident response and threat hunting, how AI quickly analyzes vast data to identify Indicators of Compromise (IoCs), automates routine tasks, and improves decision-making with actionable insights.

• And lots more…

Go check it out. WATCH THE INTERVIEW

SECURITY

Two critical ServiceNow vulnerabilities reported by AssetNote 💪 are being actively exploited. These flaws allow attackers to access databases, exfiltrate data, and read arbitrary files, and they’re currently affecting between 13k to 42k instances. MORE

A company has reportedly paid a new record-high $75 million to a ransomware group. It’s a lot of money compared to anything other than not being able to do business. MORE

DigiCert is revoking 83,000 TLS certificates due to a domain validation bug that could lead to clashes between records and subdomains. MORE

China is getting around U.S. bans on advanced AI chips through smuggling, front companies, and loopholes, ultimately allowing restricted Nvidia GPUs to flow into the country despite export controls. MORE 

Ransomware attacks are rising with an 18% year-on-year increase reported by Zscaler ThreatLabz, including a record $75 million ransom paid this year. The U.S. faces nearly half of all attacks, with the U.K. being the second most targeted country. MORE

A great analysis here of securing secrets in AWS outlines how to improve credentials access incrementally. The post covers using Secrets Manager and KMS to eliminate plaintext secrets from production and enhance credential management in CI/CD pipelines. MORE

A solid blog post discusses creating custom implants for evasion by building them in C, detailing server setup, client functionality, and testing against security tools. MORE

The average cost of a data breach jumped 10% to $4.88 million in 2023 according to the Cost of a Data Breach Report 2024. MORE

China is tightening its civilian drone export rules starting September 1 to prevent their use in military or terrorist activities. The new controls will target drones with IR imaging, laser guidance, and high-precision inertial measurement devices, while lifting restrictions on long-range civilian drones. MORE

AI / TECH

OpenAI has started rollout of its new ChatGPT Voice feature for ChatGPT Plus users, enabling real-time conversations with emotion detection. Initially available to a small group, it will expand to all Plus users by fall 2024. MORE

Black Hat USA 2024 Preview: AI, AI, and More AI — Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch, along with Brian Donohue, discuss the upcoming Black Hat talks they're excited about. Highlights include sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, as well as some intriguing talks with cryptic titles. MORE

California's SB-1047, the "Safe and Secure Innovation for Frontier Artificial Intelligence Models Act," aims to regulate large AI models by mandating safety measures to prevent catastrophic incidents. Critics argue that the bill's focus on existential threats could stifle current AI research and development. MORE

The EU's risk-based AI regulation began on August 1 with staggered compliance deadlines categorizing AI applications into low/no-risk, high-risk, and limited risk tiers. It imposes transparency, risk management, and penalties for violations, with standards for high-risk and powerful general-purpose AI models to be finalized by April 2025. MORE

OpenAI has launched the GPT-4o Long Output model (in limited availability), which extends its output capacity to 64,000 tokens—16 times more than the original GPT-4o. I think the best use cases for this will be things like writing long-form content. MORE

Google's experimental Gemini 1.5 Pro has claimed the top spot on the AI Chatbot Arena leaderboard, surpassing OpenAI's GPT-4 and Anthropic's Claude 3.5 with a score of 1300. I’ve personally not used it yet because I find using Google products to be excrucatingly painful—especially their AI products. MORE

Meta says it will need 10x more computing power to train Llama 4 compared to Llama 3. So impressed with how Mark has gone from Metaverse Failing to AI Winning in like a year. I credit Jujitsu. | MORE

Elliott Management is calling Nvidia a 'bubble' and says AI is 'overhyped'. They argue that the market is overly optimistic about AI's potential and Nvidia's role in it. I think it’s a bubble, but it’s a bubble like the internet in 1995. In other words, there will be a bursting of AI hype, but that’s completely unrelated to the hockeystick AI is about to produce. These are unrelated things. MORE | MY ANALYSIS

Bellingcat has put together a guide on identifying explosive ordnance (EO) in social media imagery. It covers how to verify the authenticity of images, use reverse image searches, and identify EO based on text, colors, shapes, and contextual clues. MORE

CrowdStrike is facing massive lawsuit after Blue Friday crashed over 8 million computers globally. The lawsuit claims the company made "false and misleading" statements about its software testing, leading to a 32% drop in share price and a $25 billion loss in market value. MORE

Intel is laying off over 15% of its workforce as part of a $10 billion cost reduction plan after missing quarterly earnings expectations. The company reported a $1.61 billion net loss for Q2 2024 and will not pay its dividend in the fiscal fourth quarter. MORE

Apple just posted a record-breaking Q3 2024 with $85.78 billion in revenue, surpassing analyst expectations of $84.46 billion. Not sure why Berkshire Hathaway just sold so much of it. People are saying he’s anticipating a massive sell-off and he wants to be in cash. MORE

Apple is ramping up spending to get Apple Intelligence ready for launch this fall. I’m using the beta that has it, and it’s already pretty impressive even without most of the stuff turned on. MORE

HUMANS

A lot of the world tried to push Huawei out of their infrastructure, but they’re actually getting more powerful, not less. MORE

A software company increased user engagement by 8x by drastically shortening their emails. Netlify's initial 150-word emails had a 1% reply rate, but cutting the text to 37 words boosted replies to 4%, and further reducing it to 14 words doubled that rate to 8%. Insane. Maybe the takeaway is people don’t have much time, and you should respect it. MORE

Last month, Shane Mac offered everyone at his company $25,000 to quit, and six people took it. He did this because he realized he had oversold the culture and needed to reset expectations to align with their ambitious mission of building a decentralized and secure messaging protocol. The move was part of a broader effort to rewrite their values, raise the hiring bar, and ensure only those deeply committed to the mission stayed on board. MORE

Journalist Evan Gershkovich was among a group of Americans and Russian dissidents released from Russia in a seven-nation prisoner swap, the largest since the Cold War. The US and Europe released eight Russian prisoners, including hitman Vadim Krasikov. MORE

Researchers at the University of California, Santa Barbara have developed an AI model called SharkEye to help prevent shark attacks. The model uses drones to detect sharks with greater accuracy than humans, even spotting those below the water's surface. MORE

Treating failing eyesight and high cholesterol are two new ways to lower the risk of developing dementia, according to a major report. The Lancet Commission's latest findings suggest that addressing 14 health issues could theoretically prevent nearly half of all dementia cases worldwide. MORE

Self-control is about 60% heritable, meaning genes explain roughly 60% of the differences in self-control among individuals. A meta-analysis of 31 studies involving over 30,000 twins showed that identical twins are more similar in self-control than non-identical twins, highlighting the genetic influence. MORE

A new study reveals that people tend to alter their appearance to match their names. Researchers found that adults' faces often align with social stereotypes associated with their names, while children's faces do not show this pattern. I guess be even more careful what you name your kids? MORE

A key protein called Reelin may help stave off Alzheimer's disease. A number of new studies suggest that Reelin helps maintain thinking and memory in aging brains, and when its levels fall, neurons become more vulnerable. People are starting to work on drugs for this, obviously. MORE

Wizards of the Coast will release the 2024 Dungeons & Dragons rulebooks under a Creative Commons license, fulfilling a promise made after backlash over attempts to change the Open Gaming License. MORE

"If Novelists Wrote Your Bug Reports" imagines how famous authors would describe software bugs in their unique styles. Ernest Cline likens a screen flicker to scenes from "Back to the Future" and "Ghostbusters," while Ursula K. Le Guin philosophizes about the existential pain of coding errors. MORE

IDEAS

More analysis on how bad the results were of the recent UBI study done by Sam Altman. It appears to be pretty bad, just like we talked about last week.

—

A really cool idea from Jonathan Haidt about free-range kids, and a cool idea for giving them more freedom.

DISCOVERY

🌱Farmbot is an open-source farming machine for growing food in your own backyard. MORE

Supermemory — An AI-powered platform to organize, search, and utilize saved information, acting as a digital second brain. Key features include importing bookmarks from Twitter, saving content from any source, and retrieving info with instant answers. It's open source. | by Supermemory AI | MORE

Friend — Avi Schiffmann's new AI pendant, Friend, is designed to combat loneliness by sending you reassuring or playful texts based on what it overhears. The always-listening device, which doesn't store recordings, has been compared to an adult Tamagotchi and is available for preorder at $99. | by Avi Schiffmann | MORE

Fabric – Daniel Kossmann walks you through installing Fabric, an open-source AI framework by Daniel Miessler, on Ubuntu Linux. | by Daniel Kossmann | MORE

Fleet – An open-source version of FleetDM's tool built on Osquery for vulnerability monitoring, MDM, detection engineering, and more applications. | by Fleet | MORE

SOC2 Policy Templates – A collection of templates for SOC2 policies and procedures that can be outputted as an HTML dashboard or PDF. MORE

Clutch Security – A platform providing visibility into all non-human identities within an organization, helping security teams identify associated risks. | by Clutch Security | MORE

RECOMMENDATION OF THE WEEK

If you’re at Blackhat this week, remember that 10 and 20 years from now you won’t remember the talks you saw this year. But you will remember spending that time with your friends.

Prioritize friend-time over presentation-time.

Not only is the friend time more precious and valuable, but you can get the talks later if you really want to.

APHORISM OF THE WEEK