Take 1 Security Podcast: Episode 4
Unsupervised Learning2 Helmi 2015

Take 1 Security Podcast: Episode 4



START CONTENT


* Ghost bug in PHP could affect millions of servers


* Flaw is in glibc, which is extensively by all Linux distributions
* Patch and reboot using yum or aptitude

* The US Army Released DShell, a malware forensics tool


* This is an interesting trend where we see tons of formerly secret groups flock to Github. Great to see

* Reddit released its first transparency report last week


* Says it received 55 requests for user information
* Says it complied with 64% of state and federal requests
* Says it received 218 requests for content removal, and complied with 31 percent of those
* I am pleased to see them releasing these numbers, and I hope more organizations do the same

* The GHCQ was using a program called BADASS to collect data leaked by games such as Angry Birds


* Luckily it only affected the 11 people still playing that game

* Russian dating site, Topface, got hacked for 20 million usernames
* The FBI busted up a Tom Clancy book plot in New York City


* The plan was to get information about wall street trading algorithms and hopefully destabilize the markets
* All they managed to do was embarrass themselves by commenting on how they couldn’t recruit young women

* China is demanding to be able to build backdoors into any code sold to its banking sector


* Some people call this news, but with China we just call this Wednesday

* Apple released a Yosemite update that fixed Thunderstrike, among other things
* Anonymous and Lizard Squad are going after each other


* Anonymous is the famous hacking group known for all sorts of things
* Lizard Squad is known for taking down the XBox and Playstation networks around Christmas time
* Anonymous DDoS’d the Lizard Squad website, and then Twitter suspended a couple of their handles
* Interesting to see these groups going after each other

* BMW and the internet of things is in the news, with BMW owners receiving an automatic push to around 2 million cars


* A vulnerability was present that could allow attacks to spoof cell towers and possibly control onboard systems
* BMW pushed a patch that ensures all such communications go over HTTPS
* It’s interesting that, like printers, cars are likely to become a primary IoT platform just because there are so many of them
* The key is to figure out what normal things exist in the world today en mass, and then imagine those things being connected
* Printers, cars, furniture, clothing, etc. It’s the regular stuff that makes it interesting because of how much attack surface they represent, and how prevalent the perspective they’ll offer into our daily lives



END CONTENT

Play Podcast

Notes


* Intro is from Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Jaksot(531)

Novelty Exploration vs. Pattern Exploitation

Novelty Exploration vs. Pattern Exploitation

How going from exploration to exploitation can help you as both a consumer and creator of everything.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Loka 3min

Magnifying Time

Magnifying Time

Some thoughts on how novelty and attention magnify the time that we have. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Loka 6min

A Conversation With Harry Wetherald CO-Founder & CEO At Maze

A Conversation With Harry Wetherald CO-Founder & CEO At Maze

➡ Stay Ahead of Cyber Threats with AI-Driven Vulnerability Management with Maze:https://mazehq.com/ In this conversation, I speak with Harry about how AI is transforming vulnerability management and application security. We explore how modern approaches can move beyond endless reports and generic fixes, toward real context-aware workflows that actually empower developers and security teams. We talk about: The Real Problem in Vulnerability ManagementWhy remediation—not just prioritization—remains the toughest challenge, and how AI can help bridge the gap between vulnerabilities and the developers who need to fix them. Context, Ownership, and VelocityHow linking vulnerabilities to the right applications and teams inside their daily tools (like GitHub) reduces friction, speeds up patching, and improves security without slowing developers down. AI Agents and the Future of SecurityWhy we should think of AI agents as “extra eyes and hands,” and how they’re reshaping everything from threat detection to system design, phishing campaigns, and organizational defense models. Attackers Move FirstHow attackers are already building unified world models of their targets using AI, and why defenders need to match (or exceed) this intelligence to stay ahead. From Days to MinutesWhy the tolerance for vulnerability windows is shrinking fast, and how automation and AI are pushing us toward a future where hours—or even minutes—make the difference. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 – Welcome and Harry’s Background01:07 – The Real Problem: Remediation vs. Prioritization04:31 – Breaking Down Vulnerability Context and Threat Intel05:46 – Connecting Vulnerabilities to Developers and Workflows08:01 – Why Traditional Vulnerability Management Fails10:29 – Startup Lessons and The State of AI Agents13:26 – DARPA’s AI Cybersecurity Competition14:29 – System Design: Deterministic Code vs. AI16:05 – How the Product Works and Data Sources18:01 – AI as “Extra Eyes and Hands” in Security20:20 – Breaking Barriers: Rethinking Scale with AI23:22 – Building World Models for Defense (and Attack)25:22 – Attackers Move Faster: Why Context Matters27:04 – Phishing at Scale with AI Agents31:24 – Shrinking Windows of Vulnerability: From Days to Minutes32:47 – What’s Next for Harry’s Work34:13 – Closing ThoughtsBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Syys 35min

A Conversation With Grant Lee CO-Founder & CEO At Gamma

A Conversation With Grant Lee CO-Founder & CEO At Gamma

➡ Upgrade your presentations with Gamma, the best AI presentation maker: https://gamma.app In this conversation, I speak with Grant, co-founder of Gamma, about how their platform is transforming presentations and idea-sharing. Instead of starting with slides, Gamma helps you focus on the story first—then builds the visuals, structure, and delivery around it using AI. We talk about: From Slides to StoriesWhy presentations should begin with narrative flow and core ideas, not pre-existing slide templates. Gamma enables creators to design around the message rather than being trapped by the format. AI as Your Presentation PartnerHow Gamma acts like a personal design expert—adjusting layouts, visuals, and style in real time—similar to having a world-class presentation coach and designer by your side. Idea Propagation Beyond SlidesWhy Gamma isn’t just about “slides,” but about propagating ideas in the right medium: presentations, video overlays, mobile-first content, or even context-based imagery and clips. The Future of GammaWhere the platform is headed in the next few years, and how AI-driven storytelling will redefine the way we share ideas across industries. Subscribe to the newsletter:https://danielmiessler.com/subscribe Join the UL community:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 – Introduction to Unsupervised Learning00:17 – Welcome Grant and Gamma’s Background01:31 – AI Trends Driving Presentation Innovation03:20 – Story First: Rethinking Workflow Beyond Slides04:29 – Building Narrative Flow Before Design07:42 – Gamma as an AI Presentation Partner09:43 – What Gamma Does Differently from Other Tools12:27 – Idea Propagation: Matching Message, Medium, and Audience13:23 – Enhancing Presentations with Images, Clips, and Context15:15 – Current Graphics and Animation Options17:03 – Most Popular and Favorite Features in Gamma18:05 – What’s Coming Soon in Gamma19:08 – The Future of Idea Propagation with AI20:46 – Where to Learn More About Gamma21:21 – Closing ThoughtsBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

18 Syys 21min

UL NO. 497: STANDARD EDITION | More NPM Shenanigans, I Open Sourced Kai, Blood Work Results, Finding Vulns in a 10-line Prompt, and more...

UL NO. 497: STANDARD EDITION | More NPM Shenanigans, I Open Sourced Kai, Blood Work Results, Finding Vulns in a 10-line Prompt, and more...

UL NO. 497: STANDARD EDITION | More NPM Shenanigans, I Open Sourced Kai, Blood Work Results, Finding Vulns in a 10-line Prompt, and more... Read this episode online: https://newsletter.danielmiessler.com/p/ul-497 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

10 Syys 37min

UL NO. 496: STANDARD EDITION | New Video on Building my Personal AI System, Anthropic Reveals One-person Hacking Company using Claude, Pentagon Says China Keeps Penetrating, and more...

UL NO. 496: STANDARD EDITION | New Video on Building my Personal AI System, Anthropic Reveals One-person Hacking Company using Claude, Pentagon Says China Keeps Penetrating, and more...

UL NO. 496: STANDARD EDITION | New Video on Building my Personal AI System, Anthropic Reveals One-person Hacking Company using Claude, Pentagon Says China Keeps Penetrating, and more... Read this episode online: https://newsletter.danielmiessler.com/p/ul-496 Personal AI Video I'm so excited about Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

5 Syys 1h 2min

A Conversation with Michael Brown About Designing AI Systems

A Conversation with Michael Brown About Designing AI Systems

In this episode of Unsupervised Learning, I sit down with Michael Brown, Principal Security Engineer at Trail of Bits, to dive deep into the design and lessons learned from the AI Cyber Challenge (AIxCC). Michael led the team behind Buttercup, an AI-driven system that secured 2nd place overall. We discuss: -The design philosophy behind Buttercup and how it blended deterministic systems with AI/ML -Why modular architectures and “best of both worlds” approaches outperform pure LLM-heavy -designs -How large language models performed in patch generation and fuzzing support -The risks of compounding errors in AI pipelines — and how to avoid them -Broader lessons for applying AI in cybersecurity and beyond If you’re interested in AI, security engineering, or system design at scale, this conversation breaks down what worked, what didn’t, and where the field is heading. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Elo 50min

UL NO. 494:  STANDARD EDITION | AI Finds a P1, I Missed Chartbeat So I Made My Own, XBow Open-Sources Their AI Bot, and more...

UL NO. 494:  STANDARD EDITION | AI Finds a P1, I Missed Chartbeat So I Made My Own, XBow Open-Sources Their AI Bot, and more...

You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-494 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

21 Elo 1h 38min