UL NO. 411: ChatGPT Repeat Vuln, A UL AI Course!, Revenge Code Deletion
2023-12-13 23:30:0 Author: danielmiessler.com

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.

Hey there!

Something super cool to share that I’ve been working on.

Approximately 1,000,007 people have asked me for a deep-dive on how I’m using AI. All the tools I’ve built. What they do. How I set them up. And how they can do the same.

So I’ve made an intense, 3-hour course that covers all of it, that I’m running in January!

What AUGMENTED covers:

My Approach

  • What I want from AI (the problems I’m solving)

  • My framework / approach for solving them

  • A live demo of multiple workflows

Architecture Overview

  • The tech stack that I’ve built

  • My prompt/templates approach and lessons-learned

Guides

  • A step-by-step for building the server-side infra

  • A step-by-step for building the client-side infra

  • Hosting recommendations

Outputs

  • The full guide to building my stack for yourself

  • Multiple full-text copies of my actual modules

  • A set of ideas you can use for different professions and areas of focus, e.g., security, writing, copywriting.

Basically, by the end of the 3 hours, you’ll be able to build a copy of my AI ecosystem for yourself.

The course will be limited in attendance; early access prices start at $495. The date will be announced soon for the middle of January 2024.

  • UL Subscribers can get early subscriber access for $445. GET YOUR SPOT

  • UL Members get a full $200 off the course, bringing it to $295! BECOME A MEMBER

Super excited to share my full ecosystem and workflows, and now I have the avenue to do that!

MY WORK

Had the opportunity to talk to my good friend Gabe about a bunch of AI topics. Gabe is super bright on all sorts of AI topics, and especially AI Safety and use cases for Threat Intelligence. Check it out. WATCH IT

SECURITY

Researchers have found a way to extract megs of ChatGPT's training data by prompting it to repeat a word indefinitely. The attack can make the model regurgitate data it was trained on, including sensitive information like email addresses and phone numbers. OpenAI also warns, however, that the attack goes against the TOS. MORE

Meta has rolled out end-to-end encryption by default on Messenger. A lot of people see this as a pure win, and I mostly do as well. But the easiest way for me to tell someone is unsophisticated in infosec is for them to tell me they’re 100% for or against end-to-end encryption. MORE

🪳Atlassian just patched four more critical vulnerabilities that could allow RCE. | CRITICAL | CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, CVE-2023-22524 | CVSS Scores: 9.8, 9.0, 9.8, 9.6 MORE

Incidents

🚨US Agencies Hacked — Hackers exploited a critical Adobe ColdFusion flaw to hit US government servers. | CRITICAL | CVE-2023-26360 MORE | MORE | CISA ADVISORY

⚠️ Engineer's Costly Revenge — Miklos Brody got two years for trashing his ex-employer's code after being fired. | SEVERITY: HIGH | RESPONSE: He must pay $529,000 and will be under supervised release for three years. MORE

⚠️ Austal USA Hacked — Navy contractor Austal USA confirms a cyberattack with no operational impact (um, yet). | SEVERITY: MEDIUM, as the breach could involve sensitive shipbuilding data but no classified information was reported stolen. | RESPONSE: Reps say the incident was quickly mitigated and authorities are investigating. Just remember what we said last week about waiting for shoes to drop. MORE

Vulnerabilities

🚨Sophos RCE Exploitation — Sophos had to issue a fix for an RCE vulnerability after attacks on outdated firewalls. | CRITICAL | CVE-2022-3236 | MORE

🚨Outlook Hijack Alert — Russian hackers are exploiting a critical Outlook bug to take over Exchange accounts. | CRITICAL | CVE-2023-23397 MORE

🪳ClamAV Critical Flaw | CRITICAL | CVE-2023-20032 MORE

Sponsor

CISOs Overconfident But Underprepared for SaaS Security Risks

A disconnect lurks in the current state of SaaS cybersecurity. We surveyed 600+ security experts, and many were confident in their SaaS security strategies, yet:

  • 79% faced SaaS security breaches in the past year.

  • 52% of organizations still rely on manual SaaS cybersecurity audits

  • 60% have limited to no ability to monitor SaaS-to-SaaS connections

GitLab's new guide shows you how to visualize cyberattack techniques using MITRE ATT&CK Navigator, making it easier to see your security coverage. Includes a ready-to-use example project that lets you map out techniques across the ATT&CK framework. MORE

North Korean hackers are phishing crypto teams by impersonating legitimate investment firms. They get them to download malicious scripts that grant control over the team's computers, and then use that access to steal the funds they have access to. MORE

💡One common thread I’ve seen in Crypto projects is an immature, energetic, and nearly religious pursuit of fast money. This is what makes these projects so ripe for fraud. Most everyone involved is trying to become a millionaire in a matter of months. And this not only makes them vulnerable to fraud, but other types of attack as well—including phishing, credential theft, investment scams, etc.

TECHNOLOGY

Google shat the bed on its Gemini rollout. It was supposed to be the big GPT-4 killer, and it ended up flopping for multiple reasons. 1) The real model everyone was waiting for isn’t coming out until next year. 2) They actually fudged some of the demos. Not complete lies, but trickery for sure. 3) You still have to use it in Bard, but the integration wasn’t fully-baked. In short, and like usual, they have amazing tech and they continue to fail at Product Management. All that said, the smaller models are pretty interesting, and the fact that they’ll be integrated with Android is a big deal indeed. MORE

🤖 Someone recreated the Google Gemini demo, but with GPT-4, and it works! MORE

Spotify just cut 17% of its staff and killed off some top podcasts, signaling something, but I’m not sure what. Is this Spotify losing, or podcasting in general? I think probably the former. The layoffs are the third round this year. MORE 

Elon Musk launched Grok to Premium+ members. I signed up to use it and it’s pretty decent. For me, however, I am a pinnacle model guy, which means GPT-4. I have such limited time, and it’s not my job to taste and sample and rate AI implementations. I am building on AI, not just talking about it. Which means I’m picking one and diving in. And for now, that’s OpenAI. The only reason I’ll use something other than OpenAI is if it has a standout feature that I can’t get anywhere else. MORE

Amazon's rolling out Digit, its humanoid robot. Currently, operating Digit costs about $10 to $12 per hour, but Agility Robotics expects this to drop to $2 to $3 as production scales up. Since 2017 they’ve gone from like 48K robots in their distribution centers to nearly 800,000. But don’t worry, they said they’re there to work “in collaboration with” humans, not to replace them. MORE

Tesla's rolling out Apple Podcasts to their vehicles next week, which is great. But I’d still prefer a tighter integration like CarPlay. MORE

HUMANS

Tesla's Model Y just surpassed the Toyota RAV4 in new vehicle registrations in the US, but at the same time Ford has reduced their production target for F-150 Lightnings by 50%. So I ask again—is Tesla the only one winning in the electric car space? It’s starting to feel like Uber, where we thought there would be tons of players, but the first mover is ending up on top. MORE

A whole lot of businesses seem to be realizing that Austin (and Texas) is not the same as the Bay Area, so they’re moving out and/or back. I’m sure it’s multifactorial, but I’d bet a lot of it is the pure hustle culture in the Bay. Austin is more focused on balance, which is not the desired Alaskan Fishing Boat philosophy. MORE

The Extremely Large Telescope in Chile will be finished in 2028. It will have a huge 39.3-meter main mirror, which is around 4x the current largest. It’ll allow us, among other things, to see exoplanets! MORE

A Cardiff University study suggests low-dose aspirin could cut cancer death rates by 20%. The research analyzed data from 118 studies involving around a million patients, showing a significant reduction in cancer mortality for those taking daily low-dose aspirin. MORE

Canada’s cost of living is increasing rapidly, causing reverse immigration. MORE

NOTES

Three words: Blue. Eye. Samurai.

DISCOVERY

🛠️ Web API Testing — Learn how to test web APIs with practical labs and techniques. | by albinowax MORE

🪳 SyzGPT Meets LLM — A new tool combines fuzzing with language models to improve security testing. | by albocoder1 MORE

📂 The InfoSec OPML File — This OPML file is a goldmine for anyone in infosec. It's a curated list of feeds that you can plug into your RSS reader to get a ton of inbound infosec content. | by Securibee | MORE

🔍 Decompiler Explorer — Compare decompiler outputs directly in your browser with this new web tool. MORE

🕹️ apk.sh — This Bash script streamlines reverse engineering of Android apps by automating tasks like pulling, decoding, and patching APKs. MORE

🔎 Tom Hazledine just open-sourced his AI tooling for finding related blog posts using LLM embeddings and GPT-4, making content recommendations smarter and more relevant. MORE

🔧 Nuclei AI Extension — Streamlines the process of creating vulnerability templates directly from web content. | by projectdiscovery | MORE

🔒 VulnerableCode — A free, open database for software package vulnerabilities. | by nexB | MORE

🛠️ Openlayer — A workspace for evaluating machine learning models, offering real-time updates on performance and anomalies. MORE

Taylor Swift's "Eras" Tour is the first to do over $1 billion in ticket sales. MORE

Storytelling Wins Interviews MORE

Top Reads of 2023 MORE

🔥The Egg by Andy Weir MORE

Print That Video MORE

Apple and Amex? MORE

Switch off bad TV settings MORE

RECOMMENDATION OF THE WEEK

Three words: Blue. Eye. Samurai. It’s on NETFLIX, and it’s Rated R. Soooo good.

Anyone using these new nicotine gums? I’m all about nootropics, and nicotine doesn’t seem too dangerous, actually. But wondering what people think here. Huberman knows someone who eats the gum like all day everyday.

APHORISM OF THE WEEK

Don't be afraid your life will end; be afraid that it will never begin.

Grace Hansen

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,


Source: https://danielmiessler.com/p/ul-411