Unsupervised Learning: No. 187
Unsupervised Learning22 Juli 2019

Unsupervised Learning: No. 187

Lots of people in the security community went silly over the FaceApp application last week, basically saying that you shouldn't be using the application because they'll steal your face and then be able to impersonate you. Oh, and then it turned out to be a Russian company who put out the application, and that made it 100x worse. The problem here is the lack of Threat Model Thinking. When it comes to election security, propaganda discussions, etc., I am quite concerned about Putin's willingness and ability to harm our country's cohesion through memes and social media. But that does not extend to some random company stealing faces. Why? Because before you can get legitimately concerned about something, you have to be able to describe a threat scenario in which that thing becomes dangerous. As I talked about in this piece, pictures of your face are not the same as your face when it comes to biometric authentication. There's a reason companies need a specific device, combined with their custom algorithm, in order to enroll you in a facial identification system. They scan you in a very specific way and then store your data (which is just a representation, not your actual face) in a very specific way. Then they need to use that same exact system to scan you again, so they can compare the two representations to each other. That isn't happening with random apps that have pictures of you. And even if that were the case, they could just get your face off your social media, where those same people who are worried are more than happy to take selfies, put their pictures on profile pictures, and make sure as many people see them as possible. There are actual negative things that can be done with images (like making Deepfakes of you), and that will get easier over time, but the defense for that is to have zero pictures of you…anywhere. And once again you have to ask who would be doing that to you, and why. Bottom line: authentication systems take special effort to try to ensure that the input given is the same as the enrollment item, e.g., (face, fingerprint, etc.), so it will not be easy any time soon to go from a random picture to something that can full a face scanner or fingerprint reader at the airport. People reading this probably already know this, but spread the word: threat modeling is one of our best tools for removing emotion from risk management.

A contractor named SyTech that does work with Russian FSB has been breached, resulting in the release of 7.5TB of data on the FSB's various projects. This is obviously embarrassing for SyTech and the FSB, but the leaked projects focused on de-anonymization, spying on Russian businesses, and the project to break Russia away from the Internet, which are all known and expected efforts. So there don't seem to be any big reveals as a result of the leak. More

Someone discovered that a bunch of browser extensions were reading things they shouldn't be, and sending them out to places they shouldn't be. This is not surprising to me. Chrome extensions are like Android apps, which should tell you all you need to know about installing random ones that seem interesting. My policy on browser extensions is extremely strict for this reason. People need to understand how insane the entire idea of the modern web is. We're visiting URLs that are executing code on our machines. And not just code from that website, but code from thousands of other websites in an average browsing session. It's a garbage fire. And the only defense really is to question how much you trust your browser, your operating system, and the original site you're visiting. But even then you're still exposing yourself to significant and continuously-evolving risk when you run around clicking things online. And the worst possible thing you can do in this situation is install more functionality, which gives more parties, more access, to that giant stack of assumptions you're making just by using a web browser. The best possible stance is to have as few people possible with access to your particular dumpster. And that means installing as few highly-vetted add-ons as possible. More

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

AI Comedians by 2026? The Future of Comedy and the Turing Test for Laughter

AI Comedians by 2026? The Future of Comedy and the Turing Test for Laughter

Comedians are increasingly using AI to help write jokes and brainstorm ideas, with mixed results. I think this is similar to the Turing Test in terms of the importance of AI progress. If AI can write a full set of comedy and make humans laugh, that’s f*cking huge. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

27 Sep 20244min

The Alarming Power of Deepfakes

The Alarming Power of Deepfakes

Trump shared a fake image of Harris speaking at a Communist event. This one looks fairly fake, but 1) lots of people will still believe it’s real, and 2) current tech can already make more believable ones.  Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!  Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Sep 20246min

UL NO. 451: Altman Says ASI in "Thousands of Days"

UL NO. 451: Altman Says ASI in "Thousands of Days"

A new Fabric web app called FabricUI!, Many AI Eyes, PagerAttack Analysis, a new Ripgrep, and more... Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Sep 202431min

Russia Is Paying Right Wing Influencers?

Russia Is Paying Right Wing Influencers?

A whole bunch of right-wing influencers received millions from Russia in return for promoting pro-Russian talking points. Hilarious to me since their whole narrative is to be skeptical and discerning. Except when it comes to obvious Russian propaganda. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Sep 20247min

This Is The Future Career For Creators - Virtual Realities, Economies, and Meaning

This Is The Future Career For Creators - Virtual Realities, Economies, and Meaning

The more I think about it, the more I think a major career for creators going forward will be building entire realities for people to live inside of. So think post-AG/SI and post UBI, and where games are extraordinarily immersive. I think there will be a huge market for creative people building the story lines and stat systems and look and feel of entire worlds that people will live inside of for a period of years at a time. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

24 Sep 20248min

My First Thoughts on New OpenAI Strawberry Model ( OpenAI o1-preview)

My First Thoughts on New OpenAI Strawberry Model ( OpenAI o1-preview)

Here are my first thoughts after using OpenAI's New Strawberry Model for a couple of hours Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Sep 202422min

UL NO. 450: Thoughts on o1-preview and the Path to AGI

UL NO. 450: Thoughts on o1-preview and the Path to AGI

80% Chinese Cranes, Drones vs. Abrahams, a RAG kickstart, a Canary-based Security Maturity Model, and more... Check out Wiz for a Free Could Security Scan:https://www.wiz.io/ul Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Sep 202424min

A Conversation with Shiladitya Sircar from BlackBerry on DeepFake Threats

A Conversation with Shiladitya Sircar from BlackBerry on DeepFake Threats

In this conversation, I speak with Shiladitya Sircar, Senior VP of Product Engineering and Data Science at BlackBerry. We talk about: The Rise of Deepfakes and Cyber ThreatsInnovation Meets Malicious Intent: Deepfakes are not just a tech novelty; they’re a growing threat. From text-based phishing to hyper-realistic fake videos and audio, the landscape of cyber threats is evolving rapidly. Deepfake technology can clone voices, making it easier for cybercriminals to impersonate individuals and bypass security measures. Understanding Identity CompromiseVoice Cloning Dangers: Our brains are wired to trust familiar voices, making voice cloning particularly insidious. We share a chilling story about a cybercriminal impersonating Ferrari’s CEO. The attacker’s deepfake was so convincing that it almost led to a major scam. The Impact on TrustEroding Trust in Systems: Deepfakes can undermine trust in institutions and systems, much like traditional scams but with a high-tech twist. Beyond individual attacks, deepfakes can manipulate public opinion and even influence elections. Organizations need to train employees to spot deepfakes, and there’s a pressing need for laws that specifically address deepfakes and identity spoofing. And more Intro (00:00:00)Main Cyber Threats from Deepfakes (00:00:56)Identity Compromise Explained (00:02:47)Impact of Deepfakes on Trust (00:06:23)Deepfakes in Attack Chains (00:08:15)Case Studies of Deepfake Attacks (00:09:41)Emerging Threat Landscape (00:13:56)Defending Against Deepfake Attacks (00:15:07)Regulatory Frameworks Needed (00:16:28)The Role of Education and Technology (00:18:57)Future of Content Authenticity (00:20:53)Legislation and Authenticity Mechanisms (00:22:04)Real-Time Deepfake Validation (00:23:18)Government and Industry Partnership (00:24:07)Media Forensic Research (00:24:23)Zero Knowledge Proofs (00:25:36)Content Provenance and Authenticity (00:26:52)Trust Network Expansion (00:28:00)Puppeteering Technology (00:29:20)Stream Authentication Challenges (00:30:21)Hardware-Level Trust (00:32:00)Fragmentation in Standards (00:32:29)Trust in Communication Protocols (00:33:51)Collaboration for Solutions (00:35:22)Apple's Unique Position (00:36:47)Erosion of Trust (00:37:31)AI Agents for Detection (00:38:11)Short-term and Long-term Solutions (00:38:45)Awareness and Education (00:41:23)Predictions for Deepfake Technology (00:41:48)Community Action Against Deepfakes (00:43:09)Learning More About BlackBerry's Work (00:43:29)Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Sep 202444min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
elbilsveckan
bilar-med-sladd
market-makers
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
bosse-bildoktorn-och-hasse-p
natets-morka-sida
rss-technokratin
developers-mer-an-bara-kod
rss-elektrikerpodden
ai-sweden-podcast
hej-bruksbil
mediepodden
rss-veckans-ai
bli-saker-podden
rss-uppgang-och-fall
rss-it-sakerhetspodden
rss-snacka-om-ai