UL NO. 402: Israeli Footage & Analysis, WSFTP + MOVEIT, AI Explainability, Andreessen vs. Perell on Writing, and more…
2023-10-9 23:0:0 Author: danielmiessler.com

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Hello,

I had a different intro planned but what’s happening in Israel is all I can think about right now. The news and the footage coming out is unimaginable, and my thoughts are with everyone who’s currently suffering.

❣️ 

MY WORK

ExtWis 2.0b: Marc Andreessen vs. David Perell
I’m working on v2.0 of extwis, the Wisdom Extractor for text, and this is a member post of one such extraction for an extraordinary conversation between Marc Andreessen and David Perell about writing, creativity, and AI. Seriously great conversation here. MORE | GET ACCESS

📢 Winter 2023/Spring 2024 Sponsorship Window
We are now opening the window for new sponsors for Winter 2023/Spring 2024. If you would like to get your company seen by over 99,000 of the smartest and most influential people in security and tech, you should reach out to get on the calendar before the calendar is filled.

“We’ve had multiple new customers say they heard about us from Unsupervised Learning, so we’ll absolutely be renewing.”
~ One Recent Sponsor

 CONTACT THE TEAM TO RESERVE YOUR SLOTS

SECURITY NEWS

Israeli Attack
Israel is currently dealing with the largest attack on its territory in 50 years, following a surprise early-morning assault by Palestinian militants from Gaza. The attack has resulted in hundreds of deaths so far, with militants infiltrating at least 22 Israeli towns and army bases nearly simultaneously, kidnapping Israeli civilians and soldiers, and firing thousands of rockets toward cities as far away as Jerusalem.

- The scale of the latest Palestinian attack shocked Israelis, many of whom were observing the Jewish Sabbath. Diplomats and analysts were also caught off guard.

- The ease with which Palestinian fighters entered Israel prompted recriminations and anger among Israelis, with questions about the quality of Israeli intelligence gathering.

- The Israeli government said Saturday evening that it was cutting off its electricity supply for Gaza, which gets two-thirds of its power from Israel.

- The assault coincided with Israel’s escalating efforts to seal a landmark peace deal with Saudi Arabia, and many are saying this is a way of disrupting that relationship.

Heartbreaking reporting from the ground in Israel:

  • A family deals with the loss of a child and sister while still being held hostage. MORE

  • Hamas paraglides into a peace rave while people dance. Hostages are then taken in later videos. MORE

  • People being kidnapped from the rave. MORE

  • More visuals from the New York Times MORE

It's unbelievable, and I’m very worried about what will develop in the next few days as this unfolds. Especially as Israel responds and if/when Hezbollah/Iran gets more involved.

🇮🇱 🇮🇱 🇮🇱 

Genetic Data Breach
23andMe has confirmed a data breach where user data is being sold on hacker forums due to a credential-stuffing attack. The breach seems to have a racial aspect as they first leaked data on Ashkenazi Jews, and then on Chinese people.

The leaked data includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

I signed up for one of these services many years ago knowing for absolute certain that this day would come. For me the risk calculation is very simple: the value of the data to me is much higher than the danger I feel from someone having the data. BLEEPINGCOMPUTER | THERECORD | WIRED

Sponsor

Comprehensive Cloud Security Coverage from Code to Cloud

Panoptica is the cloud-native application protection platform (CNAPP) solution from development to runtime to seamlessly deliver end-to-end security for multi-cloud application environments to minimize risks with comprehensive visibility and prioritization.

MGM’s Fallout 
MGM Resorts got hit by a ransomware attack last month, costing them a crushing $100 million and leading to customer data theft. The threat actor responsible was an affiliate of the BlackCat/ALPHV ransomware gang known as Scattered Spider, who breached MGM's network using social engineering, stole sensitive data, and encrypted over a hundred ESXi hypervisors. MORE | MORE

Phantom Hacker Scams 
The FBI is warning about a rise in 'phantom hacker' scams targeting seniors. This is where the attacker calls claiming to be tech support, saying they’ve been hacked, and then proceeds to hack and/or scam them. MORE

Vulnerabilities:

  • WSFTP Mass Exploitation Alert 
    Security researchers are warning about widespread exploitation of multiple vulnerabilities in WS_FTP Server, including one with a maximum CVSS severity score of 10. MORE

  • Exim Patches Zero-Days 
    Exim has patched three of the six zero-days disclosed last week, one of which allowed unauthenticated attackers to gain remote code execution. MORE

  • Qualcomm's Quick Patch 
    Qualcomm has patched over two dozen vulnerabilities, including three zero-days reported by Google's cybersecurity units. MORE

CLEAR Security Breaches 
CLEAR, the service that lets you pay to skip airport security lines, is under lawmaker scrutiny after employees escorted passengers through TSA checkpoints without ID checks or CLEAR enrollment. Anecdotally, I’m seeing a lot more people skip the CLEAR line these days and just go through TSA/PreCheck. Not sure how much longer they’ll survive if they don’t clean this up. MORE

AI Impersonates Celebrities 
We’ve been talking about convincing and impactful deepfakes for a couple of years now, and they’re finally here. Tom Hanks and Gayle King have warned their fans about AI-generated scams featuring fake versions of themselves. MORE

Sony Hit Again
Sony has been hit twice in four months, with the latest breach affecting around 6,800 individuals. The breach was due to an unauthorized party exploiting a zero-day vulnerability in the MOVEit Transfer platform, leading to the compromise of sensitive information of 6,791 people in the U.S. MORE

Backdoored Androids in Schools 
Tens of thousands of Android devices with backdoored firmware have been shipped to end-users, including US schools. Cybersecurity vendor Human Security discovered this as part of a global cybercriminal operation called BadBox, infecting the firmware of over 70,000 Android devices with the Triada malware. MORE

TECHNOLOGY NEWS

Rewind = Permanent AI Capture
Rewind, an AI life recording app for Mac and iPhone, is launching a wearable called the Rewind Pendant that continuously captures and transcribes your real-world conversations. The Pendant encrypts and stores all data locally on your phone, making it a personalized AI powered by everything you've seen, said, or heard. I’m simultaneously intrigued, ordering one, and preemptively horrified by the privacy issues this type of tech is about to unleash. MORE | A VERY SIMILAR DEVICE CALLED THE TAB | A DEMO OF THE TAB

AI Explainability Breakthrough
OpenAI just made an extraordinary jump in their ability to explain the function of individual neurons in language models like GPT-4. They found that iterating on explanations, using larger models, and changing the architecture of the explained model can all increase explanation scores.

They’re also open-sourcing their datasets and tools for GPT-4-written explanations of all 307,200 neurons in GPT-2, hoping the research community will develop new techniques for generating higher-scoring explanations.

This is huge for the use of AI in day-to-day critical systems, as humans will be more likely to trust an AI if they can see how it arrived at its decisions. MORE | SIMILAR ANTHROPIC RESEARCH

CAPTCHA Replacement 
Cloudflare has now widely deployed its CAPTCHA alternative, Turnstile, aiming to address the fact that everyone hates CAPTCHAs and they’re getting much easier for AI to crack. Turnstile relies on passive, background data analysis rather than visual puzzles. Between this and Passkeys I’m pretty happy with user-focused security advancements this year. MORE

Copilot's Impact 
Microsoft's CEO, Satya Nadella, believes that their new AI, Copilot, will revolutionize personal computing, comparing its significance to the rise of the PC, the Web, mobile, and cloud computing. MORE

Confabulation vs. Hallucination
Similar to humans, Large Language Models (LLMs) don't 'hallucinate' information, they 'confabulate', which is inventing plausible-sounding justifications with no basis in fact when forced to answer a query they don't know. Some researchers think recognizing LLMs as confabulating rather than hallucinating will improve understanding and performance. MORE 

Podcasts Suffering
The podcast industry is still reeling from layoffs and cancellations, with the ad market's uncertainty hitting hard. MORE

HUMAN NEWS

Jobs Boost 
The US economy added a surprising 336,000 jobs in September, and the unemployment rate has remained below 4% for 20 consecutive months. Wall Street had predicted a mere 173,000 jobs to be added, expecting the unemployment rate to drop to 3.7%. I’m starting to think the recession did happen, but that it’s a permanent one for those on bottom while those on top keep on thriving. More extreme on both ends. MORE

Cashless Ban Activated 
D.C. just put a stop to cashless businesses, making it mandatory for all businesses to accept cash. The goal is economic inclusivity, as not everyone has access to digital payment options, but it also makes those businesses more attractive to thieves. MORE 

China's Brain Drain 
China's top tech talents are leaving the country, but they're not going to the US as you might expect. They’re largely going to countries like Canada, Australia, and Japan instead. MORE 

COVID, Politics, and Vaccines 
Nate Silver provides regression analysis support for his previous blog post showing that states with higher Biden victory margins and vaccination rates have lower COVID-19 death rates since vaccines became widely available. Basically, more Republicans died of COVID than Democrats because they didn’t vaccinate. MORE 

TikTok Therapy Trend 
The Shadow Work Journal, a self-published workbook by 24-year-old Keila Shaheen, is the latest wellness trend on TikTok. Shadow Work involves behaving as your true self, including your rough edges. MORE

Tipping the Scales 
Chicago has become the largest US city to independently mandate a full minimum wage for tipped employees. After being in Europe for a bit I really hope we can just charge more for things and get rid of tipping. When you get a cab or a meal at a restaurant, you just tap and go. Tipping is toxic AF for everyone involved, and as far as I can tell the only reason it still exists is so that corporations can pay wait staff less money en masse. MORE

IDEAS & ANALYSIS

Conflict
I served in the US Army in Sinai, Egypt as an MFO peace observer, and have had the chance to visit Israel multiple times over the years. I have many Israeli and Palestinian friends. Given that, I hold two things in my mind simultaneously: 1) I know that extraordinary pressure on a people will cause them to do extraordinary things, and 2) I don’t see that justifying these attacks in any way.

This isn’t a contradiction to me because I see two distinct parties in Palestine: 1) innocent and peaceful Palestinians with legitimate grievances about their treatment, and 2) militants who don’t actually want peace at all. I think a big part of our problem is conflating these two groups.

The people who carried out these attacks are anti-Jew and anti-Israel, full-stop. They’re not pro anything, except maybe being a hero in their own stories. Anyone planning these actions had to know the result would be more suffering for the Palestinian people, not less. So it wasn’t for Palestine. It was for themselves. And who they targeted, and what they did to the victims, is clear evidence of that.

I also feel strange switching to discussing security and AI when this is happening. But I have to remind myself that suffering like this is going on all the time—and often to many more people—yet I don’t care because I don’t hear about it. Awareness and attention are our apertures for caring, evidently, and we have too little control over both.

Opposites
I just did a trip to Europe to do my Killer Context AI talk about software, security, and how they’ll be affected by AI. It was in Budapest, and it was my first time visiting. The highlight of the trip was visiting the most popular Ruin Bar in the city, Szimpla KERTMOZI. A Ruin Bar is basically a collection of bars inside the destruction from bombing in WW2.

So imagine a giant brick building, or a city block, and part of the buildings are destroyed from bombs. So there are missing walls, roofs, etc. Then imagine people go into there and create the most vibrant and extraordinary place to gather you can think of. Iron bars and mesh scaffolding creating new walls, floors, and ceilings. Plants everywhere. CD vending machines. Mysterious pixel art. It was like a greenhouse beer garden with an industrial and artistic soul. We just kept saying wow.

Anyway, what it got me thinking of—with the context of the Israeli attacks having already happened, and the bar being in the Jewish quarter of Budapest—was the juxtaposition of bombs and gardens. Here you have one of the most hateful and destructive things ever in a massive bomb dropped on a city during a war, and then from that we build a breathtakingly beautiful place to gather and enjoy humanity. It reminded me of the imagery of concrete being laid to block out life, but a crack forms and a green sprout and flower pops through.

Humans are capable of such extremes. I feel like we could be entering a really dark period right now with what’s happening in Israel, but I am trying real hard to imagine what flowers might break through afterwards.

NOTES

My buddy Luke wrote a wonderful essay looking at the cybersecurity industry's failures after meeting a man who lost his life savings to online scammers. He argues for a shift in focus from technology to people, suggesting that cybersecurity should be a public service and that personally identifiable information (PII) should be assumed to be publicly accessible. MORE

DISCOVERY

⚒️ CloudGrep — A handy tool that functions like grep, but for cloud storage. It's a game-changer for searching through your cloud data. | by /u/0x636f6f6c | GITHUB

⚒️ Python Magic — Running LLMs has been simplified to a single line of Python code, no Docker needed. MORE 

The iPhone 15 camera evidently beats the latest Android option MORE

The Sabbath as a Remedy for Modern Stress MORE

The Monstera Albo is a multi-thousand-dollar house plant. MORE

Daniel Haussman’s insane photos of the Icelandic Highlands. MORE

Moxie Marlinspike suggests doing the minimum work to prevent starvation and then pursuing something not about money, outside of supporting structures, and not simply a matter of "consuming experience". MORE

See if your domain has been typosquatted MORE

RECOMMENDATION OF THE WEEK

Check in on your Israeli friends. It’s a small country and everyone serves in the military, so this is very personal to all Israelis even if they moved away a long time ago.

APHORISM OF THE WEEK

War does not determine who is right - only who is left.

Bertrand Russell


Source: https://danielmiessler.com/p/402