UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework
2024-11-13 10:43:37 Author: danielmiessler.com (view original)

SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI. It’s original ideas, analysis, mental models, frameworks, and tooling to prepare you for the world that’s coming.

Hey there!

  • I created the first Fabric Stitch, called rate_ai_result (DIRECT LINK). It rates the quality of AI #1 using the judgement of AI #2! And the result is an assessment of how smart AI 1 was on the following scale:

A rate_ai_result output example

You can get rate_ai_result here. MORE

  • 👋🏼Going forward I’ll be sending this newsletter from [email protected] instead of [email protected], so please add [email protected] to your contact list to avoid future newsletters going to spam. 🫶🏼

  • I’m entering the fiber world! I’ve upgraded to 5Gbit fiber for internet, and it’s making me want to upgrade the house to be able to handle it too. Which means 10Gbit switches and ethernet ports on devices (where possible). So now I need to figure out how to replace my CAT6 in the walls with fiber as well, which will be a comfortable 100Gbit. 😍

Over CAT6 to my Mac Studio M2 that comes with 10Gbit Ethernet

  • Had a great sponsored conversation with Jason Haddix with Flare! We talked about a lot of things, but especially what special sauce makes Flare so attractive as a platform for Jason. Watch it on YouTube!

Sponsor

The Security Leader’s Guide to Proactive Vulnerability Management

Cyber threats are inter-connected. Vulnerabilities are gateways in your attack surface that can be exploited to deploy ransomware, infostealers, and other cyber threats.

➡️ Roadmaps, battle-tested lessons learned, and strategies implemented by Flashpoint customers.

➡️ Measuring your VMP's effectiveness with metrics like Mean Time to Detect (MTTD) and Mean Time to Remediation (MTTR).

➡️ How to manage risk exposure by combining powerful vulnerability intelligence with industry-leading threat intelligence.

SECURITY

Six critical flaws have been found in the Ollama AI framework, potentially allowing denial-of-service, model theft, and poisoning attacks. MORE

💡Remember: Friends don’t let friends publish their Ollama APIs online without authorization/filtering.

The FBI is warning about a rise in hacked police emails being used to send fake subpoenas and emergency data requests (EDRs) to U.S. tech companies. MORE 

💡Pretty nasty general attack type here.

Basically, you find low-security organizations that have high trust, and then you compromise them and make requests with them as the origin.

Think access to data, special permissions, restricted authorization to do something, etc. Seems like government and law firms are likely targets here.

Google's AI security assessment tool, Big Sleep, found a zero-day vulnerability in the SQLite database engine. This is the first time we’ve seen AI find something that more standard testing has missed in the past. MORE

Sponsor

Dropzone AI Named a Gartner Cool Vendor!

The FBI is asking the public for help in identifying Chinese hackers in groups like APT31 and APT41. MORE 

CrowdStrike has launched new AI Red Team Services to identify vulnerabilities in AI systems and provide guidance on how to fix them. MORE 

Synology is telling users to patch a critical zero-click RCE bug, CVE-2024-10443, affecting millions of DiskStation and BeePhotos NAS devices. Remember: Friends don’t let friends put NAS on the internet. MORE 

Nokia is investigating a potential breach after a hacker, IntelBroker, claimed to have stolen their source code from a third-party vendor. The hacker says the data includes SSH keys, source code, RSA keys, and more, accessed via default credentials on a SonarQube server. MORE 

Canada has ordered TikTok Technology Canada to shut down, citing national security risks. The decision doesn't block Canadians from using TikTok, but shuts down the company's Canadian business operations. MORE 

Researchers from George Mason University have introduced Mantis, a framework that uses prompt injections to hack-back against prompt injection. By exploiting the vulnerabilities of large language models, Mantis can misdirect or even compromise attackers' systems. MORE 

The U.S. is tightening rules on foreign real estate deals near military bases, adding 60 more installations to the list under CFIUS scrutiny. This follows the forced closure of a Chinese-owned crypto mine near F.E. Warren Air Force Base, which raised national security concerns. MORE 

AI / TECH

Robotic dogs are now patrolling Mar-a-Lago to help protect President-elect Donald Trump. These "high-tech hounds" are part of the ASTRO program, equipped with surveillance tech and sensors to detect bombs and chemical threats. MORE 

💡I think 2025 and 2026 are going to be some serious utopia / dystopia years. Lots of sci-fi happening in reality.

Nvidia surpassed Apple to become the world's largest company by market cap, hitting $3.43 trillion. MORE 

OpenAI has introduced a new feature called "Predicted Outputs" that lets you send expected content to speed up API responses. If your prediction is spot-on, there's no extra cost, but if it diverges, you'll pay for the additional tokens. MORE

Waymo has launched its robotaxi service across an 80-square-mile area in and around Los Angeles. Hey, no fair. What happened to the greater Bay Area! MORE 

Apple's adding a new feature to the Find My app in iOS 18.2 that lets you share a lost AirTag's location with an airline or a trusted person. Apple wins by doing thousands of these small improvements that add up over the years. Then they get sued because everyone likes them better than competitors. MORE 

Apple's Vision Pro visionOS 2.2 adds wide and ultrawide display options for a laptop or desktop display. It’s completely nuts. Super clear, high-resolution, and I’ve spent over an hour working on it. Plus you can position visionOS apps around it too. MORE | VIDEO OF IT IN ACTION

TSMC is set to open its Fab 21 in Arizona this December, which will be huge for the on-shoring movement in the US. MORE 

TSMC is halting the supply of advanced AI processors to its Chinese clients starting November 11, following an investigation showing chips were ending up in Huawei devices. MORE

HUMANS

The dollar is at its highest in two years, and the stock market has been going crazy since Trump won the election. Investors are betting on "Trump trades," expecting tariffs and tax cuts to boost stocks, inflation, and slow interest rate cuts. And Bitcoin is near $90,000. Wow. MORE 

💡I predicted Trump would win, and that investors would go batshit. But I didn’t anticipate this much movement even before he took office.

Andreessen Horowitz is backing AI-powered parenting tools, with partner Justine Moore highlighting a new wave of "parenting co-pilots" using LLMs and agents. MORE 

💰My buddy is participating in a real-life bug bounty. Actually a treasure hunt. It’s detailed in this book that was just released. He’s been traveling to this remote island with other bounty hunters (cyber) to search for a treasure worth like half a million dollars. MORE 

Genetic discrimination is becoming a real thing (as we knew it would). Insurers use DNA data to deny coverage or hike prices. Bill, a healthy 60-year-old, was denied long-term-care insurance after revealing a genetic mutation linked to ALS, despite not having the disease. MORE 

Companies are already moving production out of China as Trump plans massive tariffs. Steve Madden is cutting its China-made products by 40%-45% and shifting to Vietnam and Cambodia. Stanley Black & Decker is reworking its supply chain but says US production is unlikely. Meanwhile, HM Manufacturing and Cruz are eyeing increased US production to meet demand and avoid tariffs. MORE 

💡Seems like the tariffs might work as prods for companies to do what they wanted to do anyway (move out of China), but they have to be done carefully to avoid massively increasing inflation. Will be interesting to see how broad and fast they’re applied.

🔭NASA's Juno spacecraft just completed its 66th flyby of Jupiter, sending back stunning raw images that community editors have turned into incredible photos. MORE 

😍Deanna Dikeman's "Leaving and Waving" is a brilliant and touching photo series capturing her parents waving goodbye over the years. The project spans from 1991 to 2017, documenting these heartfelt moments as she drove away from their home. MORE 

A new study from Ben-Gurion University shows that controlling blood sugar can slow brain aging. MORE 

Astrobiologist Sara Imari Walker explores the complex question of what life truly is in her book, "Life as No One Knows It: The Physics of Life’s Emergence".

A possible UL Bookclub candidate!

She argues that modern science has yet to develop a theory that fully integrates life into the universe's description, challenging the boundaries between disciplines like biology, chemistry, and physics. MORE 

A mom in Georgia was jailed after her 11-year-old son walked alone to town, despite her belief in a "Free-Range" upbringing. I’d love for the libertarian mindset to come to parenting, too. Seems pretty easy to tell the difference between neglect and free-range. MORE

The average age of U.S. homebuyers has jumped to 56, up from 49 last year. MORE 

Oliver Sacks explores the meaning of life through love and despair in his letters, emphasizing that meaning is something we create, not find. MORE 

IDEAS

Crypto is Back, but as Gambling and Money Stores
I think crypto is back not so much as an idea right now, but as a “screw the system” gambling/alternative bank type thing. This ends badly for most involved, with a few people getting super rich. We’ve seen the movie already. Maybe Solana is an exception (like a really fast Ethereum, basically). I personally won’t be playing much other than as a game. My big bets are on NVIDIA and TESLA. With Apple and Costco as my secondaries.

“I sense the good in him.”
Unlike most smart people I know, I think Elon and Andreessen and Thiel and those types are actually still good people. I think Elon’s been really nasty online, and I’m worried we could be losing him to extremist thinking. I’m worried about it. For sure. But I don’t think his fundamentals have changed. I think he’s triggered and lashing out, and that he’ll come back. That’s my belief. Or my hope. Can’t tell which sometimes. Maybe they’re the same. Talked with Sam Harris about it after his latest podcast, The Reckoning, and he thinks I’m wrong. 🥹 So if all my smart friends think I’m wrong, and I am the only one who sees this, I’m either seeing something they aren’t, or I’m confusing hope with reality. I think it’s the former, and I’m willing to make a prediction on this. I like predictions now—in the spirit of Superforecasters. So my prediction is that over the next 4 years we’re going to see Elon, a number of these Silicon Valley types, and yes—even Trump—take stances and create policies that are very Liberal in purpose. Meaning, they’re trying to lift everyone, not just the elite. In other words, we’re going to see significant compassion and the lifting of everyone in their rhetoric and work. If I’m wrong, I’m wrong. I fully acknowledge there’s a significant chance it goes the opposite way. And if that happens I’ll be opposing them just like my other friends in the center and on the left. But if I’m right, then I ask you to encourage the good in them (and people like them). I ask you to help me pull them back from the chasm.

DISCOVERY

Security Is a Useless Controls Problem MORE

ChainForge — ChainForge is an open-source visual programming tool for prompt engineering that lets you run evaluations against prompts using a boxes-and-lines interface reminiscent of Yahoo Pipes. MORE 

How do you run away from an army of these? MORE

ToolGit — A set of scripts that add new sub-commands to Git, enhancing its functionality. MORE 

An AI cluster using Mac Minis and Exolabs. MORE

How I ship projects at big tech companies MORE 

Diagrams — A tool for creating diagrams as code, making it easier to visualize complex systems and architectures. MORE 

Everything I've learned so far about running local LLMs MORE

Packy McCormick encourages readers to spend less time doomscrolling and more time reading books. MORE 

Draw.Audio — A new musical sketchpad using the Web Audio API lets you create music directly in your browser. MORE 

RECOMMENDATION OF THE WEEK

The CEO of Anthropic thinks AGI is coming within a couple of years. Sam Altman thinks it’ll be 2025 or 2026.

Start getting ready.

  • Know your life mission

  • Know your goals

  • Fill in and practice your most important sentence.

  • Start building your TELOS file

  • Get really good with your AI tools (fabric, chatgpt, etc.)

  • Get your website up

  • Commit to reading 50 books in 2025

  • Start writing—even if you think you don’t have anything to say

APHORISM OF THE WEEK

If you were offered 1 million dollars not to wake up tomorrow, you wouldn’t take it. Which means waking up tomorrow is worth more than a million dollars.

Treat it that way.

Thank you for reading. Please forward to a friend and/or share on socials to help support the work.

🫶🏼

Daniel


Source: https://danielmiessler.com/p/ul-458