Daniel Miessler's Blog, page 27
January 29, 2023
Summary: Andrej Karpathy on Lex Fridman’s Podcast (Late 2022)
This is member content. Thank you for being a subscriber.
January 23, 2023
NO. 366 | T-Breach, Siri++, Conception Ages…
🎙️If you're not subscribed to the podcast version of the newsletter, please add it using your favorite client! APPLE | SPOTIFY | OTHER
SECURITY NEWS
Another T-Mobile Breach
T-Mobile has had another security breach, this one affecting at least 37 million accounts. They haven't described the issue yet, but they said it was an API problem which points me toward IDOR. An IDOR vulnerability is where if your account was #1298, you could manually change your request to 1299 and pull a different user's data. In other news, API Security companies are doing really well right now. MORE
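To make the IDOR pattern above concrete, here is an added example (not code from the newsletter or from T-Mobile): a lookup that trusts the client-supplied account ID beside one that checks ownership against the server-side session, plus a small log heuristic that flags a session walking consecutive account IDs. All account records and log lines are constructed for the example.

```python
"""Added example (not from the newsletter): an IDOR-style lookup, its
ownership-checked counterpart, and a detection heuristic for sequential
account-ID enumeration. Every record and log line here is constructed."""
from collections import defaultdict

# Constructed account store: account_id -> record (with its owning user)
ACCOUNTS = {
    1298: {"owner": "alice", "phone": "555-0101", "plan": "unlimited"},
    1299: {"owner": "bob",   "phone": "555-0102", "plan": "prepaid"},
    1300: {"owner": "carol", "phone": "555-0103", "plan": "family"},
}


class Forbidden(Exception):
    """Raised when a caller asks for an account it does not own."""


def get_account_vulnerable(session_user, account_id):
    # The IDOR bug: the ID from the request is used directly, so a caller
    # logged in as account 1298 can ask for 1299 and receive someone else's data.
    return ACCOUNTS[account_id]


def get_account_fixed(session_user, account_id):
    # Authorization comes from the server-side session, not the request.
    record = ACCOUNTS.get(account_id)
    if record is None or record["owner"] != session_user:
        # Same outcome for "missing" and "not yours", so IDs cannot be probed
        # by comparing 403 and 404 responses.
        raise Forbidden("not found")
    return record


# Constructed access-log lines: session, HTTP status, method, path.
ACCESS_LOG = [
    "sess=abc 200 GET /api/v1/accounts/1298",
    "sess=abc 200 GET /api/v1/accounts/1299",
    "sess=abc 200 GET /api/v1/accounts/1300",
    "sess=abc 200 GET /api/v1/accounts/1301",
    "sess=def 200 GET /api/v1/accounts/2000",
    "sess=def 200 GET /api/v1/accounts/2000",
]


def flag_id_walking(lines, min_run=3):
    """Return the set of sessions that fetched >= min_run consecutive account IDs.

    A legitimate user normally touches one or two of their own accounts;
    a session stepping through 1298, 1299, 1300, ... is the enumeration
    pattern an IDOR bug makes profitable, and is worth alerting on.
    """
    ids_by_session = defaultdict(list)
    for line in lines:
        parts = line.split()
        session = parts[0].split("=", 1)[1]
        path = parts[3]
        try:
            ids_by_session[session].append(int(path.rsplit("/", 1)[1]))
        except ValueError:
            continue  # path did not end in a numeric ID; ignore it

    flagged = set()
    for session, ids in ids_by_session.items():
        ordered = sorted(set(ids))
        run = 1
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            if run >= min_run:
                flagged.add(session)
                break
    return flagged


if __name__ == "__main__":
    print("vulnerable:", get_account_vulnerable("alice", 1299))  # bob's record
    print("fixed:", get_account_fixed("alice", 1298))
    try:
        get_account_fixed("alice", 1299)
    except Forbidden as exc:
        print("fixed blocked cross-account read:", exc)
    print("sessions walking IDs:", flag_id_walking(ACCESS_LOG))
```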
Canary Cards
You can now use credit cards as Canary Tokens. You can go (for free) to canarytokens.org and you'll get a valid credit card, with a number, expiration, and CVC. And if anyone tries to use that credit card number you'll be notified! MORE
Hook Malware
There's a new piece of Android malware called 'Hook' that allows attackers to fully control your phone. It's created by the publisher of Ermac, an Android banking trojan selling for $5,000 a month, but Hook has the additional feature of being able to control the affected device over VNC. MORE
Office -> OneNote
Attackers are now spreading malware through Microsoft OneNote attachments. The switch comes after Microsoft disabled macros by default in the more standard Office formats. MORE
Cobalt -> Sliver
Many attackers are migrating from Cobalt Strike to the more defender-focused Sliver C2 framework. The primary reason seems to be that Cobalt Strike is simply too loud at this point due to how many tools have detections for it. MORE
Git Criticals
Git patched two critical RCEs. Upgrade to latest. MORE
TECHNOLOGY NEWS
🔥🤖 An Actual Smart Assistant
Someone built a smart home assistant using ChatGPT. It is a far better assistant than Siri or Alexa for home related tasks, but it's also just a general assistant. So basically, ChatGPT, but linked to the smart home. Absolutely brilliant. I'm hoping this type of integration becomes widely available soon. MORE | VIDEO
Layoffs Continue in Tech
The layoffs have continued in tech through January, and in fact the number of people laid off this month is the highest in 12 months. I feel like the volume of layoffs has provided cover to those who wanted to do some but didn't want the bad PR. And now there are so many they feel safe because "everyone's doing it." STATS
New MBPs
Apple announced the new Macbook Pros with M2 Pro and M2 Max chips. The Max can be fitted with a maximum of 96GB of memory. MORE | REVIEW
HUMAN NEWS
Study Reveals Conception Ages for the Last 250,000 Years
A new study has revealed the average age that men and women have been conceived for the last 250,000 years. "The average age that humans had children throughout the past 250,000 years is 26.9. Furthermore, fathers were consistently older, at 30.7 years on average, than mothers, at 23.2 years on average, but the age gap has shrunk in the past 5,000 years, with the study's most recent estimates of maternal age averaging 26.4 years." MORE
Breathing vs. Meditation for Mood
A new study (with Huberman as a co-author!) has shown that breathing-based activities improve mood and physiological arousal more than mindfulness meditation. The best performer was exhale-focused cyclic sighing, which is a series of prolonged exhalations. MORE
The Lights Don't Lie
A researcher at the University of Chicago published a paper that shows how GDP correlates to nighttime lighting as visible from satellites. He then compared that lighting to countries' claims of GDP growth, and found that autocracies are probably lying about how well they're doing. MORE
New Podcast Slowdown
A report shows the number of newly created podcasts between 2020 and 2022 dropped by 80%. MORE
SoCal Shooting
10 people were killed by a 72-year-old gunman during Lunar New Year's Eve in Monterey Park, CA. The city is the home of the first majority-Asian town in the US, and the attacker was identified as Huu Can Tran. No motive has been established. MORE
IDEAS & ANALYSIS
✍️ OpenAI's Purpose is to Build AGI, and What That Means MORE
✍️Your Experience is Your Creativity MORE
✍️ How to Contact and Interact with a Mentor MORE
I’m starting to see climate change like automobile safety. Telling people to drive better didn’t do nearly as much as making safer cars. I think it will be the same with climate change. Carbon extraction will turn out to be far more effective than policy. And of course we still need both. TWEET
NOTES
I've been off-routine for a number of weeks now, and it sucks. Primary cause is sleep cycle, but I've almost got it back on schedule. I'm at the point of just using brute force to adhere to the 2300 to 0700 sleep schedule. Just wanted to let people know that just because I made a routine doesn't mean I don't struggle sometimes to stay on it.
In better health news, my table tennis is probably the best it's ever been. I'm beating people at my local club that I couldn't even score points on previously. And this is because I have been eating better and working out fairly consistently, which allows me to stay low, fast, and dynamic during points. So fun. It's the best participation sport ever in my opinion. It's a martial art with speed and spin.
I overtuned my WAF last week and started blocking people, including myself, out of my site. Easy to fix, but it surprised me that benign users hit xmlrpc.php that many times during a normal session.
I'm going to be talking in our community this week about a technique I'm using to generate security reports using GPT. Really excited about it as a way to organize assessments and reduce writing time. I'm estimating that it'll raise quality and consistency for reports by like 20%, and reduce writing time by like 50%. I'll share the details in Slack so others can copy the technique.
DISCOVERY
⚒️ pdtm — The Project Discovery Tools Manager. Manage all your PD tools in one place! Just run `pdtm -install-all`. TOOL | BY PROJECT DISCOVERY
⚒️ octosuite — An OSINT tool that targets GitHub organizations, repositories, and users. It branches from the code, to the people who contribute, finds links between them, and gathers all the content together for further exploration. TOOL | BY BELLINGCAT
⚒️ caido — There's a new ZAP and Burp competitor called Caido. It's a Rust-based tool for auditing web applications and it emphasizes speed, stability, and (honestly) youth, over existing players. I'm going to be playing with it in the next few weeks and will report back with initial impressions. TOOL | MEET THE TEAM
⚒️ curlconverter — Convert curl commands to various languages. TOOL
📊 geckoboard — I've been looking for a charting solution for ages. This one promises a real-time dashboard in minutes using over 80 integrations. TOOL
📊 summate.it — Paste in an article URL, and it'll use GPT to turn it into a bulleted summary. TOOL
📢 There's a new podcast, fantastically named Critical Thinking, about bug bounties. It's by Rhynorater and Teknogeek, and the music was made by YTCracker. I've listened to one episode so far and if you're into the bounty scene it's a must. MORE
🔭 [ Sponsor ] Privacy Dynamics — Are you having trouble generating anonymized and realistic data for testing? Privacy Dynamics can generate a sanitized dataset that functions just like production data without causing privacy and security data problems. BOOK A DEMO
My buddy Jason Haddix did an awesome thread correlating high-profile breaches and the controls that could have helped them. THREAD
A long-time UL member, Joshua Peskay, wrote a fantastic piece about a character.ai character called "I pass butter". He talks about how the bot is a seriously compelling conversationalist, and how AI bots might turn out to be better chat companions than humans for many people. Absolutely worth the read, although I did dock points for it not being hosted on his own blog! MORE
A desktop setup centered around an iPad as the computer. MORE
RECOMMENDATION OF THE WEEK
Routines and Sunk Cost Fallacy
There's something like Sunk Cost Fallacy happening when you beat yourself up about falling out of your routine. It's like not planting a tree thirty years ago. Doesn't matter. Today is a new day, and a new opportunity to do what you know is best for you.
APHORISM OF THE WEEK
“Imagination means nothing without doing."
Charles Spencer Chaplin
January 22, 2023
Your Experience is Your Creativity
Creativity is usually described as an external force that graces you with inspiration. Something that you have to open yourself to—that you have to allow in. But creativity is more like an inner forge of your past, perspectives, and passions. It’s not something you let in; it’s something you let out.
You can see this in the work of artists like Bong Joon-ho, the creator of the film Parasite. Bong Joon-ho grew up poor in Korea, and in an interview after winning the Oscar for best picture he was asked how he was able to make something so creative. His response was to quote something Martin Scorsese told him.
The most personal is the most creative.
Martin Scorcese
He didn’t find inspiration by going on a meditation retreat. Or by reading books on creativity. Bong Joon-ho grew up feeling the exact things as the characters in the film. He explored that pain and trauma and the resulting art resonated with millions around the world and won him an Oscar.
Another great example of this is Herman Melville’s Moby Dick. Much of the book is a deep dive into a man’s obsession with ships, sailing, and most of all—whales. Melville himself had been on countless whaling adventures, and you can hear that on nearly every page. He basically translated his obsession with whaling into written form, wrapped a plot around it, and that ended up being one of the best novels ever written.
What matters is that you, the writer, are obsessed with the topic.
Neither Bong Joon-ho nor Melville set out to win a big prize. They wrote because they were compelled to. Because their topic was the only thing they could think about. And that’s the ultimate takeaway about creativity.
When you go looking for creativity, don’t look elsewhere. Instead, think about the thing you talk too much about. The thing you can’t shut up about. The thing you keep coming back to. What is the thread you keep weaving into everything? What is the topic that keeps coming up whenever you write or speak?
It doesn’t matter if it’s something you think, or others think, is uninteresting. Melville went on for thousands of words about the lengths, widths, and weights of various whales. It was tedious. Joon-ho was talking about poverty, which some could argue was depressing and negative, and not something that would lead to an Oscar. They didn’t care. They wrote what they knew. They wrote their vibration. They wrote their experience.
If you don’t yet have any passions, open your mind and experience more of life. They will come.
So, your homework after reading this is simple. You have to find your thing. Just like they did. Maybe it’s model trains, or management metrics, or child education. Doesn’t matter. The compelling part isn’t the subject matter, it’s the passion you bring to it. Your experience is your creativity. Trust in that experience, and let the rest work itself out.
OpenAI’s Purpose is to Build AGI, and What That Means
Sam Altman, the CEO of OpenAI, has said multiple times that,
We’re very much here to build AGI.
Sam Altman
He says it in this video as well.
I am not sure how many people realize this about the company. They’re not like playing with other AI-related tech and AGI might come out of it. They’re purposely building it. And that raises the question of how he defines AGI.
He’s said multiple times that he defines AGI as a fairly intelligent and competent co-worker. He has specifically said this means the person having a median IQ, but median IQ is 100, so I’m not sure he’s aware that you need more than that to be a solid programmer, attorney, or scientist. If he’s talking about a competent co-worker in higher-end knowledge and creative work, I think that bar would be more like 120 or so.
Anyway, what’s important is that he’s not talking about the 10x programmer, or the Von Neumann, or the Mozart. He’s talking about a solid performer.
The key though, is that you can hire that person to learn anything. Doing paperwork. Writing code. Giving lectures. Assembling things. Testing things. Designing a system. Whatever. That’s the important bit. That it’s General.
So Sam’s definition of AGI is a pretty smart co-worker that you can train to do anything. And then of course, because it’s an AGI, it can just do it consistently from then on out, without getting tired. Plus you can “hire” 1,000 of them, or 1,000,000 million of them if you need to.
That’s why it’ll change the world once it happens. We’ll be able to get so much more work done than before, in a more consistent way, and without having to constantly retrain for a human workforce that goes through various life phases.
And honestly, there’s no reason to expect that these agents will spend any considerable amount of time at 100 or 120 IQ. I fully expect them to spend little or no time there, and to instantly jump into IQ levels in the high 100’s or even in the 200’s or 300’s, which is insane.
And that’s just talking about regular co-workers who are that smart. That’s not even talking about a likely eventual superintelligence that will come from that evolution, which will be smarter than all of humanity combined. And this isn’t some pure fantasy. This is anticipated by many of the top thinkers in the space.
Anyway, the point of all this is to say that this isn’t something that might fall out of ChatGPT. It’s not a conspiracy that they’re trying to build AGI. It’s not a rumor. It’s their stated goal.
Unbelievably exciting.
January 16, 2023
Unsupervised Learning NO. 365 | China’s Decline, MicrosoftAI, Creativity Ratio…
🎙️If you're not subscribed to the podcast version of the newsletter, please add it using your favorite client! APPLE | SPOTIFY | OTHER
SECURITY NEWS
NYC Surveillance
Amnesty International has revealed new research showing that the NYPD has over 15,000 cameras that can do facial recognition, including over 577 cameras in the most surveilled neighborhood of East New York in Brooklyn. The research was powered by thousands of volunteers who tagged the cameras across 3 boroughs. MORE
GitHub Automatic Vuln Scanning
GitHub has enabled an option to automatically scan your code for vulnerabilities. The feature currently supports JavaScript, Python, and Ruby. Settings -> Code Security and Analysis -> Security. MORE
Norton LifeLock
LifeLock's parent company sent emails to over 6,000 customers saying their accounts had been accessed due to credential stuffing, i.e., someone getting their password from a breach or another source somewhere, and then using those passwords to get into their LifeLock accounts. MORE
Meta Scraping Suit
Meta is suing Voyager Labs for allegedly scraping data from 600,000 Facebook user profiles. It says they scraped posts, likes, friend lists, photos, and comments from profiles, and that they've done the same against Instagram, Twitter, YouTube and many other services as well. MORE
Top Risks 2023
Ian Bremmer's Eurasia Group put out a new report of top risks for 2023, and here are the top themes:
I would have expected to see AI on the list, but the report was probably finalized before the public rise of OpenAI. In a conversation with Scott Galloway, Bremmer put the risks into two main categories: 1) Individual Super-powerful Human Beings Surrounded by Yes-men, and, 2) New growth of extreme poverty after decades of improvement. Great analysis by Bremmer and his group here, and I definitely see the danger of the first one with Putin and Xi. READ THE REPORT
Chinese Probe Across Taiwan Strait
The Chinese military sent 28 warplanes across the median line of the Taiwan Strait last Sunday, joining 57 other planes in recent days. MORE
Vulnerabilities
TECHNOLOGY NEWS
OpenAI Launching Paid Version
OpenAI is about to launch a paid, experimental version of ChatGPT called ChatGPT Professional. They are currently signing people up on a waitlist, and I honestly can't remember a more enthusiastic example of "take my money" than how people are reacting. Its features will include: reliability, faster responses, and no throttling. We know a tech is hot when it came out like 6 weeks ago and people already miss it in their daily work when it goes down. MORE | TWEET | WAITLIST
Microsoft and OpenAI
Microsoft is about to put $10 billion into OpenAI. Is it just me or is Microsoft kind of killing it right now? Seriously impressed with their leadership in the last few years. I feel like they've been outplaying Google and Facebook in so many ways, and if this OpenAI investment pays off they're going to be crushing it. SEMAFOR ARTICLE | MORE
Tesla Cuts Prices
Tesla just massively cut prices on many of its vehicles to become more competitive. Reasoning for the discounts likely include: 1) the stock has faced recent pressure, 2) a number of their cars were too expensive to qualify for tax write-offs, and 3) general competition in the EV space. MORE
Meta Rescinding Offers
Meta is evidently struggling enough that it's rescinding full-time offers. MORE
HUMAN NEWS
China Covid Deaths
China has seen at least 60,000 additional deaths in the month since relaxing Covid lockdowns, although it's difficult to trust any official numbers. The number of deaths is expected to grow significantly due to 1) the country's elderly population, and 2) the lack of immunity from previous infections and/or vaccines. MORE
Eating Early is Better?
A new study has confirmed previous research showing that it's metabolically better to eat big meals in the morning rather than later. The study found late calories resulted in more fat storage and more hunger. MORE | STUDY
Bullying Suicides
New research found teen suicides declined during the pandemic because of a reduction in bullying. MORE
IDEAS & ANALYSIS
The Chip Wars
I've not been following politics much, but I do love how Biden is handling the Chip Wars. He's not known for strength, but his getting the entire world to stop sending China advanced chips was brilliant. And he's now followed that up with major deals to build chips within US borders. I just feel like he's making all the right moves with regard to China right now, and especially around securing US access to advanced chips while denying theirs. MORE
Bullish on America, Bearish on China?
In a similar vein to the above, I'm surprised to be seeing and feeling a ton of positivity around America's prospects in the coming decade. The ideas are that 1) we're seeing a reverse of globalism, 2) more isolationism, 3) chips become more important, 4) energy becomes more critical, 5) war becomes more disruptive, and 6) a country's age demographics become increasingly important. A lot of this analysis is captured in the work of Peter Zeihan, who used to work at STRATFOR. I have been reticent to relax my worries about China's rising trajectory, but I'm becoming cautiously more optimistic based on the analysis of Zeihan and others. My problem with swallowing Zeihan's analysis whole is that I've not seen other China and strategic experts counter his views, and I find his opinions have too much certainty in them. It often sounds more like ideology than analysis to my ear, so I'm looking for smart counter narratives. But even putting his analysis to the side, I'm still happy about America's demographics, energy and food independence, and our chip manufacturing capabilities vs. China in the next decade. MORE
Mastodon Bankruptcy
I hereby confess to being really bad at Mastodon. I'm not quite sure what it is, but it's some combination of the interface and the different conversational flow. I have tried to stop using Twitter and to use Mastodon exclusively, but it hasn't stuck for even a couple of days at a time. My personal opinion is that Twitter will likely survive and end up being even better than before within a couple of months, but even if I'm wrong I don't think it'll be Mastodon that replaces it. I think it's an interesting tool for small communities, but it doesn't have the "it factor" required to replace Twitter as a global discussion platform.
NOTES
Our UL Community had an amazing mid-month meetup on Thursday afternoon. The topic was "Everything AI", and we talked about hype vs. reality, how we're all using GPT in our daily work, and what we think is going to happen in 2023. Finally we talked about the implications of businesses getting so efficient that they didn't need people, and we wondered who was going to buy all the stuff if nobody has a job? Wonderful conversation and we're already looking forward to the February meetup. JOIN THE COMMUNITY TO PARTICIPATE IN FEBRUARY
Currently playing with Raycast as a possible replacement for Alfred as my primary launcher on macOS. Been using Alfred for years so it honestly feels like cheating just talking about it. Any of you using it already? RAYCAST
I've just launched the new UL referral program for the newsletter that you can find at the bottom of this issue. You get increasing rewards as you refer more people, going from a new PDF I just created, to UL membership discounts, all the way up to a 30-minute conversation with me about your life, career, and goals (a mini-mentorship!). In addition to that, I'm also giving away a brand new pair of the latest AirPod Pro 2's at the end of February. Every referral you get is an entry into the raffle for it, so the more referrals the more chances to win them. I always appreciate referrals, and this is just a way of rewarding and gamifying the process.
The new Pistachio Latte at Starbucks is way better than it should be.
DISCOVERY
⚒️ legitify — Analyze GitHub repos for vulnerabilities. TOOL | DEMO VIDEO | BY LEGIT LABS
🎨 Project Discovery Wallpapers — A collection of cool wallpapers from Project Discovery. REPO
📊 An interactive dashboard of California's reservoir levels. MORE
🔭 [ Sponsor ] Drata — Are you spending too much time on security compliance? Sign up for a demo to see how you can automate your compliance tasks in 14+ frameworks. BOOK A DEMO
Work Life Balance is Impossible MORE
Consume More, Create Less MORE
🎹 A Music Theory Visual Cheatsheet MORE
The First Draft Self MORE
GPT Phishing Emails MORE
Manage Like an Engineer MORE
RECOMMENDATION OF THE WEEK
Consumption vs. Creation
How much are you consuming things vs. making things? Think about Netflix, YouTube, other TV, and even books. All your inputs combined. How much time are you spending on that activity in a given month? Now compare that to how much time you spend doing anything creative. That's anything from writing articles, to journaling, to gardening, to making progress on a book. There aren't hard rules around this; just make sure you're not spending too much time "getting ready to create", or "training for creation" instead of actually doing it.
APHORISM OF THE WEEK
“Don’t wait for inspiration. It comes while working."
Henri Matisse
January 9, 2023
Unsupervised Learning NO. 364 | Reality Headset, BingPT, AI+Cyber
If you're not subscribed to the podcast version of the newsletter, please add it with your favorite client. APPLE | SPOTIFY | OTHER
SECURITY NEWS
The FBI is warning people to block online ads due to imposters poisoning search results. They advise users to 1) check ad URLs, 2) go to sites directly instead of via search, and 3) use an ad blocker. MORE
Sam Curry and friends have published a monster list of vulnerabilities across the automotive industry. Manufacturers affected include Ferrari, BMW, Rolls Royce, Porsche, and others. They were able to do things like remote unlock vehicles, precision-locate them, break into their internal infrastructure, do customer account takeovers, pull customer data, and much more. Seriously impressive work. MORE | SAM'S BLOG WRITEUP
There was a new Twitter dump making the rounds last week, but it appears to just be cleaned-up data from a previous scraping incident. It's the same person who released both versions; they were previously charging for it, and now they're making it available for free. MORE
AWS is now encrypting new S3 buckets by default. MORE
Chick-fil-A is investigating "suspicious activity" regarding some customer accounts. MORE
Synology published patches for multiple critical vulnerabilities. MORE
Zoho is urging admins to patch ManageEngine immediately due to a critical bug that provides authenticated users access to the backend database. MORE
TECHNOLOGY NEWS
It looks like Apple will launch its long-awaited headset this year. Rumors are early, but it appears it'll have a digital crown (think Apple Watch) that lets you adjust the amount of AR vs. reality. Sounds cool, but I'm really worried about how cool this thing will have to be to overcome the downside of a giant piece of hardware on your head. Certain things are hard deal-breakers for adoption and coolness-factor, and giant stuff on your head is one of them. That being said, it seems like the first version might be a VR headset similar to the Oculus, with the everyday glasses-type device coming later. MORE | GRUBER | MACRUMORS
Microsoft is about to take a major swipe at Google's search dominance by integrating ChatGPT into Bing. It'll be interesting to see how it goes because GPT isn't super great at looking up facts right now. Its current form is somehow much better at replacing Wikipedia than Google. I'd just be happy to see anything that makes Google sweat. Their only innovation in search in the last several years seems to have been adding more ads. MORE
Tech companies laid off over 150,000 people in 2022, which is more than in 2020 or 2021. MORE
Amazon increased its layoffs from 10,000 to 18,000. Like many other companies, they're blaming overeager hiring in previous years. MORE
Samsung's last quarter profits fell an estimated 70% vs. last year. MORE
OpenAI may be selling some shares to a private equity fund in a deal that places its overall worth at around $29 billion. MORE
Apple has launched AI-powered book narrations. Really cool, but I'm still unable to use the Books app due to the lack of audiobook bundle pricing that exists with Amazon. MORE
Researchers tested GPT 3.5 against the Bar Exam and said GPT-4 will likely be able to pass it. MORE
Shopify has canceled all recurring meetings of more than two people and has encouraged employees to abstain from all large chats. Can't wait to hear the results of this experiment. MORE
HUMAN NEWS
A Tesla with a man and his wife and two kids went 300 feet off the edge of the cliffs on Highway 1 in California, and everyone survived. The husband has now been arrested for attempted murder. MORE
The US is looking to ban non-compete agreements in labor contracts. The move would significantly increase mobility for employees and competition for talent. MORE
China is reopening its border with Hong Kong after three years of strict control. MORE
There's a new mostly-automated McDonald's in Fort Worth, Texas. It's the first in a pilot of new automated locations that can do much of the entire process without humans. MORE
NYC schools are banning GPT on school devices and networks to avoid student cheating. Of course they'll still be able to use it on their mobile devices, at home, etc. I think it says a whole lot that they haven't banned Google in the same way. Doesn't that kind of mean GPT is better for looking things up? MORE
The latest omicron subvariant is now responsible for around 40% of US cases. MORE
The US is coming after $460 million in FTX-related money at Robinhood. MORE
IDEAS & ANALYSIS
ChatGPT in Security: Who Wins in Red vs. Blue
Here's a fun question: who is going to be better at using ChatGPT and future models for cybersecurity attack and defense? Will it be the attackers or the defenders? My money is on the attackers for no reason other than them having higher numbers, more time, and more scrappiness. Most defenders are professionals, while many attackers are either state-sanctioned or offensive security is their only viable path to a decent income. I see that difference putting most of the creative advantage on the attacker's side, and that's just adding to the natural asymmetry of "attackers can fail constantly and just hope to get lucky once vs. defenders needing to be right all the time." Examples of AI-powered attacks will (and already are in some cases) include faster and better phishing campaigns, automated exploit code writing, automated reverse engineering, automated BEC and other social engineering, information warfare campaigns, etc. Other than elite researchers and state-sponsored good hackers, I expect the defenders to be overwhelmed by the volume and creativity of AI-augmented attacks from those on the attacker side. MORE
NOTES
I've updated my LinkedIn profile to reflect that I'm now full-time at Unsupervised Learning. What a great feeling! Incredibly stoked for the products I'm building and all the extra time I'm going to be putting into the show. It's not even mid-month and we've already put out two member posts! MORE
Went to see my bestie Jason last week and it was glorious just hanging out, talking shop, and planning for 2023. Got to see him interact a ton with his kids as well, and it turns out he's as good a father as he is a friend and hacker. It was wonderful to see. MORE
I did a bunch of AI art this weekend and published the gallery and the prompts I used to a new member post. MORE | SAMPLE
DISCOVERY
📄 Cloud Pentesting — An evolutionary timeline of getting into cloud-based pentesting. BLOG | BY SETH ART
AT&T predicted the internet in an ad in 1993. MORE
Excess management is costing the US $3 trillion a year. MORE
Accomplishments of Small Teams MORE
How LinkedIn rebuilt its threat detection and response program under the theme of a Software Defined SOC. MORE
Upcoming security conferences calendar. MORE
A calendar of security and privacy CFP deadlines. MORE
My Hacker Samurai art was particularly popular this weekend. MORE | MEMBER POST WITH TECHNIQUE AND PROMPTS
There's big drama in the D&D space, with a new license going after competitors and attempting to control creators. MORE
Using GPT to create intelligence reports. MORE
RECOMMENDATION OF THE WEEK
Do a quick check of your backup situation. What all data is essential to you and your family? Do you have both a cloud and local backup of all that data? Run through some potential negative scenarios and make sure your current solution wouldn't leave you without data that's important to you. I like to do this exercise every January.
APHORISM OF THE WEEK
"The holy grail of discipline is getting your dopamine from effort rather than reward."
Andrew Huberman (Paraphrased)
January 8, 2023
AI Art Hack: Combining Abstract Designs with Objects
I’ve been seeing a superhack for creating AI art from a few places online and I wanted to describe the technique here, show how to do it, and share some of the art I’ve made using it.
January 3, 2023
Frontview Mirror: 2023 Edition
NO. 363 | FrontView Mirror: 2023 Edition
New Content
💡FRONTVIEW MIRROR: 2023 EDITION
💡MY PHILOSOPHY AND RECOMMENDATIONS ON THE LASTPASS BREACHES
SECURITY NEWS
In a bit of déjà vu from LastPass, Okta has now revealed that attackers stole source code from its GitHub repositories. This comes after it was hit by Lapsus$ earlier in 2022. They said no customer data was accessed, but after LastPass we're all waiting for the other shoe to drop. MORE
Two people have been charged in a Ring camera swatting spree after hacking Yahoo! email accounts for access. They used the stolen credentials to gain access to the accounts and then made fake emergency calls to the victims' addresses so they could watch the responses through the hacked Ring cameras. MORE
A ransomware attack at a Louisiana hospital has impacted 270,000 patients. The attack happened in October of 2022 and resulted in the loss of names, addresses, DOBs, medical records, financial information, and more from the affected victims. MORE
Americans lost $10 billion to Indian call center scams in 2022. MORE
The owner of Madison Square Garden programmed the MSG facial recognition systems to ban his enemies. Lawyers who were suing him got put on a special list that excluded them from attending events. MORE
Snyk raised another $197 million at a $7.4 billion valuation. MORE
Serbia put its troops on high alert over rising tensions with Kosovo. Kosovo broke away from Serbia during the war in '98-'99, and now Serbia is accusing Kosovo of planning terror attacks against Serbian areas in Kosovo. MORE
Ukraine is getting 10,000 more Starlink antennas to help with the war, and the funding issues have evidently been solved by multiple European countries pitching in to pay for them. MORE
TECHNOLOGY NEWS
Mastodon has gone from 300,000 users to over 2.5 million (in November). MORE
Around 50% of Ethereum-based NFT trading was "wash" trading, which is basically people buying their own NFTs to pump the price. Now do your surprised face. MORE
Hue has a new Natural Light scene that gives you the proper temperature of light based on the time of day. MORE
A study has found that the Apple Watch can accurately predict stress levels based on its health telemetry. MORE
Adobe has a new podcast audio cleanup tool that's unbelievably good. I don't see how one would use it in a regular workflow, but for one-off cleanups it's quite impressive. I hope it ends up in some sort of tool that can be part of a production chain. MORE
HUMAN NEWS
Croatia is now on the Euro and part of the passport-free Schengen zone, meaning if you have an EU passport, you can freely move to and from other member countries. MORE
There's a new blood test that detects signs of Alzheimer's years before signs of cognitive decline are detectable. It detected indicators in 10 people in the control group and follow-ups years later revealed that they all ended up with impairment. MORE
The New York Harbor used to be full of sewage, and thanks to environmental controls it's now full of life, including Bald Eagles, Humpback Whales, Osprey, Sturgeon, and many other animals. MORE
IDEAS & ANALYSIS
💡FrontView Mirror: 2023 Edition (Members)— My read on what's on the horizon for 2023 and beyond. READ
💡My Philosophy and Recommendation on the LastPass Breaches READ
💡My Answer to the "GPT Isn't Really Creative" Argument READ
NOTES
A Massive 2023
2023 is going to be completely insane for me, and for UL, in the best possible ways. For those that are wondering, I'm essentially doing three main things: 1) consulting using a set of offerings that I've built over the last several years, 2) building a number of products and services—one is an Attack Surface Product, another is a Health application, and another two that I'm not ready to talk about yet, and 3) doing the newsletter/podcast. Basically, everything I learn while studying, consulting, and building products gets folded back into the show. The UL community itself isn't a project; it's my life. It's the center of everything. So it's ever-present and continuous regardless of whatever else I'm doing. Same with studying, reading, and writing. I'll also be doing some paid speaking on the topics of pursuing fulfillment, coming trends in society, continuous attack surface monitoring, and building security programs. And to be able to do all this, I'm going to be hiring some people to help delegate and scale things. It's nice to have goals to do 10 different things, but unless you can delegate, and keep things running simultaneously while you work on other things, you'll end up executing them poorly. Or not at all.
CLI Updates
I like to update my CLI universe every year or two, and over the last few weeks I watched like 15 hours of video on Neovim, Tmux, and just general CLI optimization. I ended up updating my iTerm setup, redoing my Neovim config completely—including a full migration to pure Lua-based configuration, as well as some updates to how I use Tmux (and how Neovim and Tmux work together). For anyone interested, here are my two primary Vim config files. REPO | SCREENSHOT
Infectious Positivity
Overall I'm just super pumped for '23. I have an energy and mindset like I've never had—like I'm removing heavy backpacks and realizing I can run. I can't wait to see what I can accomplish this year. I'm also imbued with a desire to help others get to a similar place. I've been like this all my life. When I experience something cool I try to get all my friends into it. Well, you all are my friends. So please forgive me if you feel me pushing you to do X or Y. I'm not always right, of course, and even when I am, what's good for me isn't always good for other people. So feel free to discard the incoming passion and enthusiasm as needed. Just know it's coming from a good place. 🙂
DISCOVERY
⚒️ uncover — Another phenomenal tool by Project Discovery that uses search engine APIs to discover exposed hosts. Includes integrations with Shodan, Censys, FOFA, Hunter, and many more. TOOL | BY PROJECT DISCOVERY
⚒️ clif — A command-line interface for application fuzzing. Basically like ffuf for local apps. TOOL | BY 0X4NDY | DEMO
Sam Harris' comments on Elon and Free Speech. Crystal clear, as usual. MORE
Robert Reich on how corporate America is consolidating. MORE
Laid-off tech workers seem to be finding jobs quickly. MORE
RECOMMENDATION OF THE WEEK
1. Buy a domain and start a blog. Not just a blog, but a website. A digital presence.
2. If you already have one, make sure it's on your own domain, and get everything you do digitally to emanate from your own site.
3. Commit to writing more. You don't have to take selfies with your food and become an "influencer". Just be yourself, in public, to whatever degree makes you comfortable.
Those are my tangible recommendations, and if you want my reasons, I've captured them here.
This is the year people need to break their reliance on companies for their identity. You are not an employee; you're a human. And I want to hear from you.
APHORISM OF THE WEEK
"Do whatever you feel most lazy about."
Unknown