UL NO. 417: NSA's Broker Buys, AI-Assisted Attacks, Companies Only Want Killers
2024-1-30 05:7:25 Author: danielmiessler.com

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

INTRO

Happy Monday!

Had a blast speaking at OpenAI last week on how I’ve been integrating AI into my life for the last year! It was like an overview of what I talked about in the AUGMENTED course, and on the Bombal video, but more condensed. Was blown away by the positive response! Love that company.

🔥Ok, here’s the project I’ve been raving about! It’s called Fabric, and it’s basically a way to integrate AI into your life. It’s a massive collection of prompts, command line clients, and server infrastructure for running your own AI ecosystem!

It’s still early, and we’re adding tons of stuff to it (and more documentation), but you can go there now and start using the prompts today.

The patterns (prompts) we have uploaded so far

Quickstart:

  • For the fastest start, head to /patterns and you can use those anywhere you use prompts. See above.

  • To build your own server, head to /infrastructure/server.

  • And coming soon: brew install fabric

Enjoy! And let me know what you’d like to see in the project!

I hope you have a great week! Let’s get into it…

MY WORK

SECURITY

The NSA has been buying American browsing data from data brokers without warrants. I bet it’s totally “legal”-ish because they’re getting it from “legitimate” data brokers, but it seems shady AF because they normally would have needed a warrant to get the same kind of information. MORE

South Korean intelligence says North Korea's hackers are now leveraging generative AI to launch cyberattacks. MORE

💡One of the most powerful uses of AI—and especially agents—will be going through millions of targets and figuring out what to attack, when, and using which technique. Red will move much faster than blue on this. Attackers can be sloppy and fast, and defenders have to be a lot slower and more careful. Over time (2-5 years?), this imbalance will switch to the defenders having the advantage due to them having more context.

A lot of hype was made about a data dump of over 26 billion records, but it looks like it’s really a collection of multiple previous breaches. MORE

If we have such a massive cyber skills gap, why are so many companies laying off workers in security jobs? Despite a predicted 32% growth in cybersecurity jobs through 2032, the industry faced over 9,100 layoffs since March 2020, with 55 vendors reporting cuts last year. MORE

Advisories

🚨Confluence Server Attacks — Over 600 IPs are hammering Atlassian Confluence servers with remote code execution attempts. | CRITICAL | CVE-2023-22527 | CVSS Score: 10 MORE

British intelligence is saying AI will supercharge ransomware attacks in the next couple of years. They're "almost certain" we'll see a spike in both the number and severity of attacks, thanks to AI making hacking tasks like reconnaissance and social engineering more efficient and harder to detect. MORE

💡This is very similar to the point above. Think of it this way: where could attackers (and defenders) benefit from 100,000 interns performing a particular set of tasks? If you’re an attacker with 100,000 interns you could create a deep dossier on each potential target inside of a company, and then create a plan for how to go after them. Well, the better AI (and specifically agents) get, the more realistic this becomes. Attackers will basically say, “Create a dossier on every person at that company, find the types of emails they’re almost guaranteed to click on based on a psychological analysis of their personalities based on their online activity, and then build and launch those campaigns, starting with the people who can give us the most access.”

MIT researchers developed a computational imaging algorithm that lets the ambient light sensor capture images without needing security access to the camera. This method exploits the fact that apps can access these sensors without asking, a loophole not previously considered a privacy risk. MORE 

X has rolled out passkeys for iOS users. The move follows a series of high-profile account hacks and the controversial decision to drop SMS two-factor authentication for non-subscribers. MORE

Cybersecurity firms Snyk and Cato Networks are getting ready to IPO. Seems like weird timing, but ok. Happy to see the activity, and I hope it encourages others to follow. MORE

3 US troops have been killed by an Iranian drone in Jordan, and Biden has vowed to respond. MORE

Incidents

  • Trello had a breach that exposed over 15 million users’ emails and names, and Loan Depot's ransomware attack affected over 16 million customers’ info. MORE

💡I’m a bit shook by how close I am to not mentioning breaches at all. Almost nobody cares. Of course the CISO at the place does, but the collective memory on these things is non-existent. Unless it’s some kind of major event, it’s just background noise. Part of doing business. Just like fraud charges for banks. 10 years ago we thought we’d stop doing business with companies that got hacked. Today, virtually everyone’s been hacked. And nobody cares.

TECHNOLOGY

You can now do @ to mention a custom GPT in a conversation within ChatGPT. So imagine you are trying to make a website, you can @-in the Grimoire GPT. MORE

All the Major Tech Layoffs in 2024 So Far MORE | MORE

💡I just released a member post describing why I think this might get worse, i.e., why I think 80% of current jobs go away over the next 8-12 years or so. Who really knows the exact amount, or timeline, but I think the pressure factors are strong.

Here’s another piece saying something similar: Tech Layoffs Not Tied to Economic Struggles, but AI Investments MORE

OpenAI just rolled out ChatGPT Team, offering features like access to GPT-4, DALL·E 3, and a secure workspace for team collaboration. MORE

Elon Musk is hoping for a $6bn raise for his AI startup, xAI, to take on OpenAI, with a valuation aiming at $20bn. Seriously? How many companies does this guy need? And how much of this is just a push to get the Tesla stock and control he was looking for? MORE

Microsoft just hit a $3 trillion market cap. It’s stunning to me how Microsoft is ascending while Google stagnates. What a difference a decade can make. MORE

The Biden administration is putting billions into semiconductor manufacturing, targeting companies like Intel and TSMC to boost U.S. chip production. This includes significant investments in new factories across states like Arizona, Ohio, New Mexico, and Oregon, with Intel's projects alone surpassing $43.5 billion. Love. It. MORE

HUMANS

The 'Nones' have taken the lead as the largest religious group in the U.S., with 28% of adults identifying as religiously unaffiliated, surpassing Catholics and evangelicals. MORE

Over half of Americans would struggle with a $1,000 emergency, says a new survey. Only 44% could handle such an expense without borrowing, using credit, or cutting back elsewhere. MORE

Men are flocking to 'man camps' like the Modern Day Knight Project to tackle their loneliness and redefine masculinity, often enduring intense physical trials. These boot camps, costing up to $18,000, promise self-improvement and mental fortitude, but experts question their extreme methods and psychological impact. I also wonder about the Venn overlaps with militia groups. MORE

US agencies are telling companies not to delete Slack or Signal chats, especially if they're under investigation. They're updating their language to make it clear that companies need to preserve and hand over records from platforms like Slack and Signal, with failure to do so potentially leading to fines or criminal charges. MORE

The Army's dropping its high school diploma requirement for new recruits due to its recruiting crisis. So now you’ll be able to enlist if you're at least 18, qualify for a job in the active-duty Army, and score at least a 50 on the ASVAB test. They only hit 40% of their recruiting goals last year. And it looks like the Navy is doing something similar. MORE

IDEAS & ANALYSIS

Companies Want AI, Immediately
🤯Anecdotal, but I was in a meeting with a big-wig executive and some other industry experts, and the resident VC expert (from a very reputable company) had a challenge for us. He asked,

What percentage of funding into AI startups do you all think is coming from internal, corporate investment groups?

Everyone guessed like 10% — 20%. I thought I was being crazy saying 60%. But I imagined it was a high number.

He said it was 90%.

90% of money going into AI companies coming from internal companies? In this economy? What does that say to you?

To me it says they can’t wait to get rid of most of their employees. To me it says they know how much heat they’re getting instead of light from most of their efforts. And they can’t wait to automate as much as possible.

As I say in my latest post, get ready for this. Be ready. It’s coming. Companies cannot wait for AI to replace the vast majority of their workforce. Don’t believe any company telling you otherwise.

More Efficient Terrorist Groups
One of the scariest things I heard this week was Tyler Cowen saying that AI’s big threat for terrorism isn’t making new pathogens, but actually helping them run a terrorist organization efficiently and without getting caught. Yikes.

NOTES

Trying another mechanical keyboard, the Nuphy Air75 V2. Basically I have Vim typing sounds envy and I’m hoping this will address the issue. Plus it’s very Mac-friendly and YouTube reviews have been stellar.

📚We had one of our best hour-long conversations during UL Bookclub this weekend. I’d say top 3 for sure. So many topics. So many great comments. It was extraordinary. And the book was only the onramp to the topics, as usual. Absolutely love the book club. Never imagined being in one, and now it’s been going strong for like 4 years. COME BE PART OF IT

The big (commercial) app I’ve been working on is now in testing phase. I’m about to start showing prospects!

DISCOVERY

🔥📺 Tyler Cowen on How GPT is Changing His Job MORE

🛠️ Replit — A platform for coding, AI assistance, and deployment, all within your browser. | by replit | MORE

🤖 LangGraph — It’s basically Langchain for multi-agent workflows | by Harrison Chase | MORE

🔌 Power VIM with AI — A new plugin brings AI directly into VIM, making it easier to write code and content by integrating with your documents. | by Song Luo | MORE

🛠️ APIDetector - Efficiently scan for exposed Swagger endpoints across web domains and subdomains. by brinhosa | MORE

😹 Tomcter - python tool developed to bruteforce Apache Tomcat manager login with default credentials. by oppsec | MORE

✨ Innovative and open-source visualization application that transforms various data formats, such as JSON, YAML, XML, CSV and more, into interactive graphs. by Aykut Saraç | MORE

✍️ A student shares how AI boosts their lecture note-taking by blending teacher's words, presentation content, and AI-generated summaries. They use their phone to record and live transcribe lectures, then feed the transcript to a Large Language Model (LLM) like Claude for concise summaries, enhancing their personal notes without replacing them. | by snats | MORE

🛠 Writing a TUI in BASH — A deep dive into creating Terminal User Interfaces using BASH, showing it's possible with minimal dependencies. | by dylanaraps | MORE

🛌 Morpheus-1 - A model that induces lucid dream states by propheticai | MORE

Rich People Don't Talk to Robots MORE

Ring's stopping police access to doorbell footage. MORE

Extreme Brainstorming Ideas to Trigger New, Better Ideas MORE

Prompt Security is a company looking to secure AI apps against prompt injection. MORE

Several Truths About Success MORE

Git commit messages are useless MORE

The Books We Can’t Wait to Read in 2024. MORE

Everything Is a File MORE

Bright Data's platform is a one-stop shop for proxy networks, web scraping tools, and pre-packaged datasets. MORE

How I use ChatGPT daily (scientist/coder perspective) MORE

Ash Jogalekar highlights academic papers that break barriers with their brilliance and accessibility, becoming timeless across disciplines. These papers are celebrated for their exceptional thought and broad relevance, making complex ideas accessible to a wider audience. | by Ash Jogalekar | MORE

Warren Buffett's Berkshire Hathaway has 83% of its $365 billion portfolio in just 7 stocks. I have a silly question: why not just find out what he’s doing in terms of stocks and percentages, and match those? MORE

RECOMMENDATION OF THE WEEK

Give help. Ask for help.

Give help. Ask for help.

Give help. Ask for help.

♻️

You never know where your friends are in their up-and-down cycles of self-belief, good and bad news, etc. Reach out and offer help.

And don’t forget to ask for help when you need it too.

APHORISM OF THE WEEK

Walking with a friend in the dark is better than walking alone in the light.

Helen Keller

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,


Source: https://danielmiessler.com/p/ul-417