UL NO. 446: AI Ecosystem Components, MS 0-Days, Iranian Campaign Hacks…

Political deepfakes are here, Grok2 is insane, weakness vs. evil, and more…

Author

Daniel Miessler
August 20, 2024

SECURITY | AI | MEANING :: Unsupervised Learning is a stream of original ideas, story analysis, tooling, and mental models designed to help humans lead successful and meaningful lives in a world full of AI.

TOC

NOTES

Hey!

Few things here to start out:

  • All better from being sick. Was quite minor. Would not even have known I was sick if not for testing.

  • We migrated Fabric to Go! It’s now easier to install, upgrade, and it’s way faster. INSTALL/MIGRATE

  • Joe Rogan had Peter Thiel on the podcast, and it was a brilliant conversation. One of the best podcasts of that type in months. MORE

  • I bought one of those mini-libraries to put in my neighborhood. Love the idea of sharing books with the local community!

Ok, let’s go…

MY WORK

My new essay on the 4 components (not just the model weights!) that will decide who wins out of OpenAI, Anthropic, Meta, or Google.

The 4 Components of Top AI Model Ecosystems

The four things I think will determine who wins the AI Model Wars

danielmiessler.com/p/ai-model-ecosystem-4-components

A short essay on what I see as the root of a lot of “LLMs can’t reason” arguments.

The Link Between Free Will and LLM Denial

Denying the specialness of LLMs seems tied to over-believing in the specialness of humans.

danielmiessler.com/p/free-will-llms

SECURITY

Microsoft just released patches for 90 security flaws, including 10 zero-days, with six of those being actively exploited. Notable vulnerabilities include CVE-2024-38189 (RCE in Microsoft Project), CVE-2024-38178 (memory corruption in Windows Scripting Engine), and CVE-2024-38213 (SmartScreen bypass). MORE

Russian cyberspies from the FSB, along with a new group called COLDWASTREL, have been running a massive phishing campaign dubbed "River of Phish" targeting US and European entities since 2022. The campaign aims to steal credentials and 2FA tokens from high-risk individuals, NGOs, media outlets, and government officials. MORE

The Pentagon is planning to flood the Taiwan Strait with thousands of drones in the event of a Chinese invasion. US Indo-Pacific Command chief Admiral Samuel Paparo described the strategy as creating an "unmanned hellscape" to delay Chinese forces and buy time for US and allied reinforcements. Weird that we just tell people our strategies like this, though. MORE

Sponsor

The Next Big Thing in Automated Security Investigations 

Dropzone.ai is the the only company I’ve seen that has truly nailed the agent-driven approach to investigations. Or really Agents used in a cyber workflow.

What they do is take alerts that come from tools like PAN, and they start autonomously investigating them, just like a human analyst. This is where this is all going, and they’re the best I’ve seen. So much so that I’m now an advisor for them!!

By the way, if you’re interested in where this is all headed, check out this article on how Gartner just canceled SOAR. It’s a clear signal that companies like Dropzone are where things are going.

Jeff Sims has published a timeline of his research on offensive AI agents, detailing the development of three distinct types of offensive AI systems. MORE

SolarWinds has patched a critical deserialization vulnerability (CVE-2024-28986, CVSS 9.8) in its Web Help Desk software that could allow remote code execution. The flaw affects all versions up to 12.8.3 and has been fixed in hotfix 12.8.3 HF 1. MORE

Iranian banks have been hit by a massive cyber attack, reportedly one of the largest in the country's history. Seems likely tied to Israel/Iran tensions. MORE

Trump shared a fake image of Harris speaking at a Communist event. This one looks fairly fake, but 1) lots of people will still believe it’s real, and 2) current tech can already make more believable ones. We’re actually at the point I talked about here:

Iranian hacker group APT42 has targeted both Trump and Biden campaigns, according to Google's Threat Analysis Group. The group, believed to be working for Iran's Revolutionary Guard Corps, targeted both campaigns, but only Trump's campaign appears to have had sensitive files leaked to the press, which is quite curious. MORE

Trump corroborated this by pointing the finger at Iran for hacking his presidential campaign, praising the FBI's investigation into the breach. He mentioned that the FBI is handling it professionally and reiterated multiple times that Iran was behind it, though he didn't share specific details from the agency. MORE

Sponsor

ProjectDiscovery Cloud Platform Asset Discovery

Our latest release includes enhanced tech stack detection and universal asset discovery.

For Individuals & Bug Bounty Hunters: Discover and monitor up to 10 domains daily.

For Organizations: Uncover your external attack surface and cloud assets with automatic asset enrichment and daily monitoring.

China-linked cyber-spies have infected dozens of Russian government and IT sector computers with backdoors and trojans since late July, according to Kaspersky. The attacks, dubbed EastWind, are linked to APT27 and APT31, using phishing emails and cloud services like GitHub, Dropbox, and Quora for command-and-control. MORE

Scammers are targeting young Chinese job seekers in a tough economy, exploiting their desperation by offering fake job opportunities. MORE | Comments

AI / TECH

xAI’s Grok chatbot now lets users create images from text prompts and publish them to X, leading to chaotic results like Barack Obama doing cocaine and Donald Trump in a Nazi uniform. Really curious if this is going to get nerfed or not. Elon replied to one that had him pregnant standing next to Trump, and he replied, “Live by the sword, die by the sword.” MORE

Alex Wieckowski is on a mission to make you fall in love with reading again—and he thinks AI can help. In this episode, Alex shares how he uses AI tools like ChatGPT to recommend books, understand deeper themes in novels like Hermann Hesse’s "Siddhartha," and create actionable strategies from business books like Alex Hormozi’s "$100M Offers." MORE

Comedians are increasingly using AI to help write jokes and brainstorm ideas, with mixed results. I think this is similar to the Turing Test in terms of the importance of AI progress. If AI can write a full set of comedy and make humans laugh, that’s f*cking huge. MORE

San Francisco is looking to ban software that critics claim is being used to artificially inflate rents. The software in question allegedly helps landlords coordinate rent increases. MORE

You might be overusing Vim visual mode. This post argues that many Vim users rely too heavily on visual mode (I think I’m one of them), which can often be replaced with more efficient normal mode commands. Examples include using gg"+yG instead of ggVG"+y to copy a whole file and dk instead of Vkd to delete the current and previous lines. MORE

HUMANS

Some California residents will soon be able to add their driver’s licenses and state IDs to Apple Wallet as part of a pilot program launching this fall. The program will allow 1.5 million participants to use mobile IDs for TSA screening at LAX and SFO. MORE

China's manufacturers are facing a financial crisis, with many going bankrupt due to a combination of weak demand, rising costs, and increased competition. MORE

Scientists at Fermilab have detected the first neutrinos using a prototype detector for the Deep Underground Neutrino Experiment (DUNE). MORE

Venture capitalists aren't looking for nice founders; they want risk-takers. Nate Silver highlights that 70% of the billionaires on the 2023 Forbes 400 list are self-made, often coming from modest backgrounds. MORE

There's a growing trend of Gen Z men becoming NEETs (Not in Employment, Education, or Training), with one in five young men under 25 unemployed and not actively looking for work. MORE

"Slow is smooth, smooth is fast" is a mantra deeply ingrained in Navy SEAL operations, emphasizing precision over haste. This principle helps SEALs execute high-stakes missions with minimal errors, as seen in Operation Neptune Spear. MORE

No one wants kids anymore, and it's not just you. This video dives into the reasons behind the declining birth rates, touching on economic pressures, changing societal values, and personal choices. MORE

Imposter syndrome often stems from systemic biases, not just self-doubt. Harvard Business Review highlights that many women experience this due to real exclusionary practices. MORE

This guy got fired and replaced by AI at Cosmos Magazine, and the management didn't tell anyone. They are using generative AI to write articles, possibly trained on their own authors’ work. MORE

I gave my kids a summer like mine in the 1980s – This parent decided to give her 10 and 5-year-old daughters a taste of a 1980s summer holiday, where boredom was common and self-entertainment was key. MORE

IDEAS

Here are a few ideas I’ve had recently that I haven’t written essays for yet.

The Ultimate Privilege
I think the ultimate privilege might be growing up in a stable household with two parents who give you a strong work ethic.

It trips me out how simple this is, and how the best advice is often like this. It’s the same with diet, exercise, relationships, and a million other things. The best advice is concise, wise, and generally hard to do. But it’s not a mystery.

I think the US—and the world—should lock in on this one thing: stable two-parent households that imbue a strong work ethic—and focus a lot of energy on getting to 100% on that metric.

DISCOVERY

🔥Fabric + Raycast — Will Chen shows how to integrate Fabric into Raycast! Very cool. I’m adding this myself, forcing me to switch back to Raycast. In fact, I think I might integrate it more deeply by hosting a set of these scripts within Fabric, so you can just point Raycast to that directory! MORE

Eric Schmidt of Google did a crazy honest interview at Stanford and it was so spicy that Stanford took it down. Here’s the video and transcript. VIDEO | TRANSCRIPT | FABRIC SUMMARY

The Ideal Founding Team — Ben Horowitz lays out the perfect founding team in the clearest way I’ve ever seen. MORE

Scrape-it-now — A new CLI tool designed for AI-driven web scraping that ensures idempotency. MORE

Grok 2 — xAI has released Grok 2, a frontier class model capable of reasoning, coding, and mathematics. It also brings FLUX to X users in collaboration with Black Forest Labs. MORE

Prompt Caching With Claude — Anthropic has introduced prompt caching for its Claude models, allowing developers to cache frequently used context. Coming to Fabric soon! MORE

Flux AI — By Black Forest Labs, Flux.ai is a new open-source AI image generation tool that runs on consumer-grade laptops. It excels in rendering people and prompt adherence, outperforming competitors like Midjourney in some aspects. MORE

GraphicInfo – A new website lets you generate infographics to make your articles more engaging. MORE

"Agile Is for Losers" is a rant about the author's decade-long frustrations with the Agile methodology infiltrating digital agencies. MORE

RECOMMENDATION OF THE WEEK

Stop accepting it when your loved ones—especially the young ones—are not AI-literate. Here’s the way to think about this…

Imagine that the competition level for getting top jobs, mates, whatever—was at 100 in 2022. And the average person was at like an 80.

Well, AI is Augmentation technology. It adds 20-50 points to people who get good at it. So now that person with an 85 learns AI and they’re a 125.

The new standard is now reset to 120.

So if you were a 90 before, or a 110, you’re now behind.

Don’t let your people get left behind. AI is the new reading. It’s the new high school diploma. It’s the new degree.

Make sure the people you love have it.

(And just to show you how real this is, and get you motivated—here’s an 8-year-old doing some live coding) MORE

APHORISM OF THE WEEK

Standing still in evolution is equivalent to moving backwards.

Matt Ridley