Unsupervised Learning

Curation and analysis of the most interesting stories in security, technology, and humans.

Security News

GitHub survived the largest DDoS attack ever, which leveraged internet-facing Memcache servers, thanks to Akamai's Prolexic offering. Link

It appears that Israeli company, Celebrite, may have 0-day vulnerabilities for more modern iPhone and iOS versions, although it's not clear what all they can actually do. They might just have the ability to brute force without lockout, or they could have deeper bypasses. Link

A group of AI researchers have released a report detailing their security concerns regarding AI development. Concerns include automated phishing, vulnerability discovery, adversarial examples, propaganda, swarming, dissent removal, and others. Link

Palantir has been doing predictive policing in New Orleans, and very few in city management knew about the project. Link

A vulnerability in Grub allows you to get into any Grub-based Linux system without authentication by simply hitting the backspace 28 times. Link

Purdue researchers have released 10 new attacks against 4G networks, including one that allows people to spoof their location. Link

A number of U.S. lawmakers are looking to build the Space Corps, which is basically a new branch of the military for space operations. Link

Amazon won a $1 billion dollar deal to provide cloud services to Defense Department. Link

Patching: HP Lights Out, SAML, Grub

Technology News

🤖 20 U.S. trained lawyers competed against an AI to find risks in everyday business contracts, and the AI won. The scariest part? It took the lawyers an average of 92 minutes to review the multiple pages of content, and it only took the AI 26 seconds. Link

Amazon bought Ring in order to penetrate into the home security market. Link

BMW is looking to let owners unlock their cars using their phones. Link

DoorDash seems to be winning the food delivery game, and they just raised another $554 million and are now valued at $1.4 billion. Anecdotally, I'm seeing them all over the Bay Area now, and I'm not seeing anyone else. Link

A number of Android phones have just been released that have copied the iPhone X's notch. The way I process this is that the iPhone is so successful that people will not only copy its strengths, but they'll also copy its weaknesses. If the iPhone twisted its ankle, other phones would start limping to look like they did as well. Link

An AI has learned how to improve the brain's memory by hitting it with repetition at the perfect moment. Link

Human News

California has approved driverless cars without someone behind the wheel. Link

Scientists appear to have just observed the most distant astronomical observation ever made. Link

The Secret Service did a study a while back on the trends in school shootings, and they're being looked at again after the Parkland attack. The takeaways were both obvious and useful. Link

MIT put out a study saying Uber and Lyft drives make less than half of minimum wage. Uber's economist said he interpreted the survey data incorrectly, and the author of the study is going to release an update this week. Even if he ups it by double it'd still just be minimum wage, which is way less than what most Uber drivers probably think they make. Link

China has had an interesting week. They banned the letter "N" for a while, they're removing their president's term limits, and they outlawed Animal Farm.

Ideas, Trends, & Analysis

🔥 When Companies Stop Caring About Data Loss, Risk Will be Resilience-based and Focused on Business Disruption and Human Safety Link

Safe Schools Are a New Luxury Because Now Only the Rich Can Afford Stable, Present Families Link

Apple is launching its own medical clinics for its employees. I think this is really cool, but I can't help but see it as another step towards elite services for the privileged while the masses are left with far worse. So, better schools, you're bused to and from work, you have the best salaries and benefits, and you have your own healthcare system. At some point it'll just be segmented miniature cities where you need your employee pass to even enter, and they'll have all the schools, the shopping, the healthcare, and everything you'd need inside. Crime will be virtually non-existent, and service workers would be brought in, monitored, and then shipped out once their shifts are done. I love the idea of these elite services, but I don't like thinking about the gap between them and what everyone else will have. Link


A practical developer guide to GDPR. Link

Web Scraping with Python and Beautiful Soup. Link

Red Team Laptop & Infrastructure Link

Prowler — An AWS Security Benchmarking Tool Link

DNSTrails — Find DNS history information for a domain (great for bypassing cloud WAFs by going to the origin server directly). Link

10 Docker security tips. Link

The Bug Hunter's Methodology 2.1 — My buddy Jason's recently updated bug hunter methodology. Simply the best web testing content out there, period. Link

InfoSec Writeups — A Medium page just for bounty and CTF writeups. Link

Bettercap 2.0 — A better Bettercap. Link

PassHunt — Search for default credentials for over 520 vendors. Link

OSS-Fuzz — Continuous fuzzing for Open Source Software Link

Data & Statistics

68% of Americans are Facebook users. 94% of 18-24 year-olds are YouTube users. 78% of 18-24 year-olds are Snapchat users. Link

Almost half of last year's ICOs have already failed. Link

The Apple Watch outsold all competitors combined in 2017. Link

If you know an American male who is at least 7 feet tall, there's a 17% chance he's in the NBA. Link


This is the last week I'm doing the weekly newsletter to everyone. From now on it's twice a month for everyone and weekly only for members. To continue getting it every week, sign up here! Thank you for all your feedback on this!

The Master Algorithm, by Pedro Domingos was spectacular. Finally finished it. Link

I just merged a bunch of pull requests into the SecLists project, and we're preparing for a major overhaul of the project this year. Link


Pass this link to your developers, managers, and lawyers who are involved in GDPR. Link


“Data without generalization is just gossip”.

~ Robert Pirsig

No sponsors. No ads. Just you…

I spend between 5 and 20 hours on the show every week, and if you get value from it, please consider becoming a supporting member for just $5/month.

Members get the newsletter every week and can submit AMA questions, while free subscribers get the newsletter twice a month.


Thank you,

Email a friend about Unsupervised Learning...


: :

Copyright © 2018 Daniel Miessler, all rights reserved.

Click here to stop receiving the Unsupervised Learning Newsletter.