Unsupervised Learning: No. 187

Lots of people in the security community went silly over the FaceApp application last week, basically saying that you shouldn't be using the application because they'll steal your face and then be able to impersonate you. Oh, and then it turned out to be a Russian company who put out the application, and that made it 100x worse.

The problem here is the lack of Threat Model Thinking. When it comes to election security, propaganda discussions, etc., I am quite concerned about Putin's willingness and ability to harm our country's cohesion through memes and social media. But that does not extend to some random company stealing faces. Why? Because before you can get legitimately concerned about something, you have to be able to describe a threat scenario in which that thing becomes dangerous.

As I talked about in this piece, pictures of your face are not the same as your face when it comes to biometric authentication. There's a reason companies need a specific device, combined with their custom algorithm, in order to enroll you in a facial identification system. They scan you in a very specific way and then store your data (which is just a representation, not your actual face) in a very specific way. Then they need to use that same exact system to scan you again, so they can compare the two representations to each other. That isn't happening with random apps that have pictures of you. And even if that were the case, they could just get your face off your social media, where those same people who are worried are more than happy to take selfies, put their pictures on profile pictures, and make sure as many people see them as possible.

There are actual negative things that can be done with images (like making Deepfakes of you), and that will get easier over time, but the defense for that is to have zero pictures of you…anywhere. And once again you have to ask who would be doing that to you, and why.

Bottom line: authentication systems take special effort to try to ensure that the input given is the same as the enrollment item (e.g., face, fingerprint, etc.), so it will not be easy any time soon to go from a random picture to something that can fool a face scanner or fingerprint reader at the airport. People reading this probably already know this, but spread the word: threat modeling is one of our best tools for removing emotion from risk management.

A contractor named SyTech that does work with the Russian FSB has been breached, resulting in the release of 7.5TB of data on the FSB's various projects. This is obviously embarrassing for SyTech and the FSB, but the leaked projects focused on de-anonymization, spying on Russian businesses, and the project to break Russia away from the Internet, which are all known and expected efforts. So there don't seem to be any big reveals as a result of the leak.

Someone discovered that a bunch of browser extensions were reading things they shouldn't be, and sending them out to places they shouldn't be. This is not surprising to me. Chrome extensions are like Android apps, which should tell you all you need to know about installing random ones that seem interesting. My policy on browser extensions is extremely strict for this reason.

People need to understand how insane the entire idea of the modern web is. We're visiting URLs that are executing code on our machines. And not just code from that website, but code from thousands of other websites in an average browsing session. It's a garbage fire. And the only defense really is to question how much you trust your browser, your operating system, and the original site you're visiting. But even then you're still exposing yourself to significant and continuously-evolving risk when you run around clicking things online. And the worst possible thing you can do in this situation is install more functionality, which gives more parties more access to that giant stack of assumptions you're making just by using a web browser. The best possible stance is to have as few people as possible with access to your particular dumpster. And that means installing as few highly-vetted add-ons as possible.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Episodes (532)

UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework

My conversation with Jason Haddix from Flare, Google finds a Zero-Day with AI, Robot Dogs Protecting Mar-a-Lago, and more...

Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://twitter.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler

See you in the next one!

17 Nov 2024 (32 min)

A Conversation with Jason Haddix from Flare

Streamline Your Cybersecurity with Flare Here: https://try.flare.io/unsupervised-learning/

In this conversation, I speak with Jason Haddix, founder of Arcanum Security and CISO at Flare. We talk about:

- Flare's Unique Approach to Threat Intelligence: How Flare's capability to uncover compromised credentials and cookies from the dark web and private forums has been crucial in red team engagements.
- Challenges of Credential Theft and Advanced Malware Techniques: How adversaries utilize tools like the RedLine Stealer malware to gather credentials, cookies, and other sensitive information, and how this stolen data enables attackers to bypass authentication protocols, emphasizing the need for comprehensive exposure management.
- Jason's Journey To Founding Arcanum & Arcanum's Security Training Programs: How Jason now advises on product development and threat intelligence as Flare's CISO, his journey to found Arcanum, a company focused on red teaming and cybersecurity, and Arcanum's specialized training programs focusing on offensive security and using AI in security roles.
- And more

- Introduction to the Podcast (00:00:00)
- Guest Excitement on Podcast (00:00:20)
- Jason's New Business and Flare Role (00:00:24)
- Career Shift from Ubisoft to Red Teaming (00:01:02)
- Evolution of Adversary Tactics (00:02:04)
- Flare's Credential Exposure Management (00:02:58)
- Synergy Between Arcanum and Flare (00:03:55)
- Dark Web Credential Compromise (00:04:45)
- Challenges with Two-Factor Authentication (00:06:25)
- Cookie Theft and Unauthorized Access (00:07:39)
- Redline Malware and Its Impact (00:08:12)
- Flare's Research Capabilities (00:09:50)
- Potential for Advanced Malware Detection (00:11:40)
- Expansion of Threat Intelligence Services (00:12:15)
- Vision for a Unified Security Dashboard (00:13:25)
- Integrating Threat Intelligence with Identity Management (00:14:00)
- Credential Update Notifications via API (00:15:54)
- Automated Credential Management Potential (00:17:28)
- AI Features in Security Platforms (00:17:32)
- Exploration of Automated Security Responses (00:18:38)
- Introduction to Arcanum Security (00:19:25)
- Overview of Arcanum Training Courses (00:20:25)
- Necessity for Up-to-Date Training (00:22:15)
- Guest Experts in Training Sessions (00:23:08)
- Upcoming Features for Flare (00:25:11)
- Integrating Vulnerability Management (00:28:08)
- Accessing Flare's Free Trial (00:28:25)
- Learning More About Arcanum (00:29:09)

11 Nov 2024 (30 min)

UL NO. 454: The First AI Breaches

AI Avatar Breaches, Gullibility is Vulnerability: Conspiracy is Threat, Caldera's New Plugin, and more... Try Out the ThreatLocker to take your security to the next level: https://www.threatlocker.com/ul

18 Oct 2024 (35 min)

How My Projects Fit Together (Substrate, Fabric, Telos, Daemon, and Human 3.0)

This episode, "How My Projects Fit Together," is a follow-up to a previous post called "What I Am Doing & How It's Going". Here, Daniel Miessler addresses the most commonly asked questions: "I see all your projects, but what are they? How are they related?" He takes an individual look at his various projects (Substrate, Fabric, Telos, Daemon, and Human 3.0) and then how they work together to tackle big issues such as the lack of purpose and meaning in people's lives, preparing people for the impact of AI in society, and the need for holistic human development.

For all the projects’ links, visit: https://danielmiessler.com/p/how-my-projects-fit-together

- Intro (00:00:00)
- Identifying Major Problems (00:00:47)
- Lack of Purpose and Meaning (00:01:50)
- Impact of AI on Society (00:01:50)
- Training for Full-Spectrum Individuals (00:03:02)
- Security as a Core Focus (00:03:02)
- Helios: Attack Surface Monitoring (00:04:11)
- Daemon: Security Program Management (00:05:16)
- Substrate: Enhancing Human Understanding (00:06:21)
- Argument Components in Substrate (00:07:35)
- AI and Argument Detection (00:10:59)
- Fabric: Augmenting Humans with AI (00:15:26)
- Fabric Patterns for Problem Solving (00:16:31)
- Fabric Overview (00:19:36)
- Telos Introduction (00:20:50)
- Articulating the Mission (00:21:50)
- Telos File Example (00:22:53)
- Managing Personal Life with Telos (00:23:57)
- AI and Purpose (00:26:10)
- Daemon Introduction (00:28:21)
- API Concept in Daily Life (00:29:28)
- Digital Assistants and APIs (00:31:40)
- Human Connection through Sharing (00:37:52)
- Daemon Personal API Broadcast (00:39:53)
- Human 3.0 Introduction (00:43:07)
- Human 3.0 Philosophy (00:45:22)
- Impact of AI on Work (00:48:47)
- Human 3.0 Platform Overview (00:51:00)
- Summary of Projects (00:54:03)
- Vision of Future AI Integration (00:56:21)
- Encouragement for Clarity and Purpose (00:57:39)
- Encouragement for Purpose (00:59:47)
- Articulating Your Work (01:00:46)

15 Oct 2024 (1h 1min)

Human 3.0—The Skills & Mental Frames Required To Thrive In An AI World

Human 3.0 is here. In this conference for the United Nations, Daniel Miessler introduces the topic of Human 3.0 philosophy and the skills and mental frameworks needed to thrive in an AI-driven world.

Learn about:

- The future of work and the human 3.0 economy.
- How AI will revolutionize startups and entrepreneurship.
- How one-person billion-dollar companies are becoming a reality.
- Creative expression and AI.
- The importance of personal visibility and authenticity.
- How to survive and thrive in today's rapidly evolving technological landscape.

9 Oct 2024 (30 min)

UL NO. 452: The New Hotness: NotebookLM

China prepping for kinetic using cyber?, Automatic podcast creation using NotebookLM, VM + AI, and more...

7 Oct 2024 (50 min)

NotebookLM Podcast: David Deutsch, Understanding, and AI

This is a NotebookLM podcast based on a long conversation I had with my AI, DARSA, on the topic of whether AIs truly understand things and/or are capable of creativity.

2 Oct 2024 (12 min)

Venture Capitalists Favor Risk-Takers: The Rise of Self-Made Billionaires and Tech Innovators

Venture capitalists aren't looking for nice founders; they want risk-takers. Nate Silver highlights that 70% of the billionaires on the 2023 Forbes 400 list are self-made, often coming from modest backgrounds.

28 Sep 2024 (5 min)
