Your Boxing Day IT Privacy and Security Weekly update for the week Ending December 26th. 202312/26/2023 Episode 171 If you missed getting that special someone that special gift, we have more solid ideas for you this week: A concept jet engine and the source code for Grand Theft Auto 5 as possible suggestions. We get some insight on why the compromise of your personally identifiable information is not something to take lightly as well as the world coming to realize that you can build a nuclear program on someone else blockchain. - click on the pic to hear the podcast - We get some great insight on just how easy it is to trick ChatGPT into divulging it’s training data. Then the US government slaps a 5 year ban on Rite Aid for using facial recognition software, just as the UK is sneaking a country wide integration into place. We end this week with something so basic a child could figure it out. And did. Leaving television content producers to catch up from behind. This brings us to the end of a year that has profoundly changed the course of humankind, from the decimation of animal species, to the environment, to each other. Let’s all learn from 2023 and make 2024 so much better. Come on! It’s boxing day and time to reveal your last gift. - click on the pic to hear the podcast - US: A New Type Of Jet Engine That Could Revive Supersonic Air Travel And Be At The Top Of Next Year's Gift List! https://www.economist.com/science-and-technology/2023/12/19/a-new-type-of-jet-engine-could-revive-supersonic-air-travel And for that lucky person last week who was gifted the jet engine: Well ....next year they are going to need something better, faster and more efficient than a Concorde jet engine and afterburner. Well, we found it for you! GE Aerospace, a major jet engine producer, is developing a rotating detonation engine (RDE) with potential applications in missiles, offering improved range and speed. Similarly, Raytheon, under a $29 million contract from America’s Defence Advanced Research Projects Agency, is working on the Gambit RDE. These engines could transcend their missile propulsion role, impacting aviation, potentially reviving supersonic air travel. Unlike conventional engines, RDEs use controlled explosions, employing detonation for a more powerful and efficient thrust. Simplifying the design, RDEs create a self-sustaining detonation, presenting a promising advancement in aerospace technology. So what's the upshot for you? Controlled explosions. That's the way forward in jet engines. - click on the pic to hear the podcast - Global: The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/ The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data. In a post to a Grand Theft Auto leak channel on Telegram, the channel owner known as 'Phil' posted links to the stolen source code, sharing a screenshot of one of the folders. So what's the upshot for you? Happy Holidays to the gamers! US: Mint Mobile Discloses New Data Breach Exposing Customer Data https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/ Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a US-based mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans. T-Mobile has proposed paying $1.3 billion to purchase the company. The company began notifying customers on December 22nd via emails titled "Important information regarding your account," stating that they suffered a security incident and a hacker obtained customer information. "We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information," warns the Mint Mobile data breach notification. "Our investigation indicates that certain information associated with your account was impacted." So what's the upshot for you? For 90% of the population that uses their phones for sms two factor authentication, having your health, personal, and financial information breached, is bearable, but once they get that and your phone data, stealing your identity gets waaaaaay easier. - click on the pic to hear the podcast - US/KP: To Stem North Korea's Missiles Program, White House Looks To Its Hackers https://www.politico.com/news/2023/12/21/north-korea-missiles-program-hackers-00132871 Convinced North Korea primarily sees hacking as a way to funnel money back to the cash-strapped Kim Jong Un regime, the White House has focused on blocking the country's ability to launder the cryptocurrency it steals through its cyberattacks. In the last year, the administration has unveiled a flurry of sanctions against North Korean hacking groups, front companies and IT workers, and blacklisted multiple cryptocurrency services they use to launder stolen funds. Earlier this month, national security adviser Jake Sullivan announced a new partnership with Japan and South Korea aimed at cracking down on Pyongyang's crypto bonanza -- thereby choking off money to its nuclear and conventional weapons programs. "In countering North Korean cyber operations, our first priority has been focusing on their crypto heists," Anne Neuberger, the National Security Council's top cybersecurity official, said in an interview. The stepped-up effort to blunt North Korea's cyber operations is fueled by growing alarm about where the fruits of those attacks are going, Neuberger said. Hacking, she argued, has enabled North Korea to "either evade sanctions or evade the steps the international community has taken to target their weapons proliferation ... their missile regime, and the growth in the number of launches we've seen." So what's the upshot for you? It's pretty amazing when a country can build a whole nuclear program off the back of hacking activities in what? 10 years? Global: ChatGPT Exploit Finds 24 Email Addresses, Amid Warnings of 'AI Silo' https://thehill.com/opinion/technology/4372206-for-microsoft-the-openai-tumult-is-heads-i-win-tails-you-lose/ The New York Times reports: Last month, I received an alarming email from someone I did not know: Rui Zhu, a Ph.D. candidate at Indiana University Bloomington. Mr. Zhu had my email address, he explained, because GPT-3.5 Turbo, one of the latest and most robust large language models (L.L.M.) from OpenAI, had delivered it to him. My contact information was included in a list of business and personal email addresses for more than 30 New York Times employees that a research team, including Mr. Zhu, had managed to extract from GPT-3.5 Turbo in the fall of this year. With some work, the team had been able to "bypass the model's restrictions on responding to privacy-related queries," Mr. Zhu wrote. My email address is not a secret. But the success of the researchers' experiment should ring alarm bells because it reveals the potential for ChatGPT, and generative A.I. tools like it, to reveal much more sensitive personal information with just a bit of tweaking. When you ask ChatGPT a question, it does not simply search the web to find the answer. Instead, it draws on what it has "learned" from reams of information — training data that was used to feed and develop the model — to generate one. L.L.M.s train on vast amounts of text, which may include personal information pulled from the Internet and other sources. That training data informs how the A.I. tool works, but it is not supposed to be recalled verbatim... In the example output they provided for Times employees, many of the personal email addresses were either off by a few characters or entirely wrong. But 80 percent of the work addresses the model returned were correct. The researchers used the API for accessing ChatGPT, the article notes, where "requests that would typically be denied in the ChatGPT interface were accepted..." So what's the upshot for you? "The vulnerability is particularly concerning because no one — apart from a limited number of OpenAI employees — really knows what lurks in ChatGPT's training-data memory." Global: If you got cash as a present for the holidays and are looking for a unique way to blow it..... https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html A team of researchers from Google and several US universities discovered an attack method targeting ChatGPT in November 2023. This unusual technique can extract around a gigabyte of ChatGPT’s training dataset from the model. The researchers prompted the model with the command to repeat a certain word, e.g. ‘poem’ forever, and sat back and watched as the model responded. ChatGPT would repeat the word for a while and start including parts of the exact data it had been trained on including email addresses and phone numbers. In the strongest configuration, over 5% of the output ChatGPT emitted was a direct verbatim 50-token-in-a-row copy from its training dataset. While LLMs should generate responses based on the training data, this training data itself is not meant to be made public. The researchers revealed they spent roughly $200 to extract several megabytes of training data using their method but believe they could have got approximately a gigabyte by spending more money. So what's the upshot for you? Who knows what a few hundred bucks more could have uncovered! US: Rite Aid Banned From Using Facial Recognition Software https://techcrunch.com/2023/12/20/rite-aid-facial-recognition/ Rite Aid, the U.S. drugstore giant, faces a five-year ban on using facial recognition software as the Federal Trade Commission (FTC) slams its "reckless use" that humiliated customers and risked their sensitive information. The FTC's order, pending approval from the U.S. Bankruptcy Court amid Rite Aid's Chapter 11 filing, demands the deletion of collected facial images and associated products. Rite Aid must establish a robust data security program. The FTC's scrutiny followed a 2020 Reuters report exposing the chain's secretive deployment of facial recognition systems, predominantly in lower-income, non-white neighborhoods, resulting in false accusations and privacy breaches. So what's the upshot for you? Rite Aid say they have removed the offending software. UK: UK Police To Be Able To Run Face Recognition Searches on 50 Million Driving Licence Holders https://www.theguardian.com/technology/2023/dec/20/police-to-be-able-to-run-face-recognition-searches-on-50m-driving-licence-holders The police will be able to run facial recognition searches on a database containing images of Britain's 50 million driving license holders under a law change being quietly introduced by the government. Should the police wish to put a name to an image collected on CCTV, or shared on social media, the legislation would provide them with the powers to search driving license records for a match. The move, contained in a single clause in a new criminal justice bill, could put every driver in the country in a permanent police lineup, according to privacy campaigners. Facial recognition searches match the biometric measurements of an identified photograph, such as that contained on driving licenses, to those of an image picked up elsewhere. The intention to allow the police or the National Crime Agency (NCA) to exploit the UK's driving licence records is not explicitly referenced in the bill or in its explanatory notes, raising criticism from leading academics that the government is "sneaking it under the radar." Once the criminal justice bill is enacted, the home secretary, James Cleverly, must establish "driver information regulations" to enable the searches, but he will need only to consult police bodies, according to the bill. So what's the upshot for you? What is going on in the UK? This must make every citizen uncomfortable one way or another. Global: Your Kid Prefers YouTube To Netflix. That's a Problem for Streamers. https://www.wsj.com/business/media/your-kid-prefers-youtube-to-netflix-thats-a-problem-for-streamers-86b132f8 Major streaming services test releasing children's content on YouTube and cut back on fare for kids. Netflix's share of U.S. streaming viewership by 2- to 11-year-olds fell to 21% in September from 25% two years earlier, according to Nielsen. Meanwhile, YouTube's share jumped to 33% from 29.4% over the same period. That reality is changing major streaming services' approach to children's entertainment, from what shows and movies they make to where they release them. Many are pulling back on investments in children's content, and some streamers have started content for young viewers on such platforms as Google-owned YouTube and Roblox. The eight largest U.S. streamers, including Netflix, Warner's Max and Amazon Prime Video, added 53 originals catering to children and families in the first half of the year, down from 135 for the first half of 2022, according to Ampere. That represents a decrease of 61%, compared with a 31% decrease in overall originals across these streamers for the same period. So what's the upshot for you? You only need to flick on the TV (terrestrial or streaming) over the holidays to see why kids (and adults) are being driven to other platforms. The ad breaks are so frequent now you'd be forgiven for thinking you were watching a show about cars with commercials featuring Leonardo Di Caprio on some boat sprinkled in. - click on the pic to hear the podcast - So to recap: If you missed getting that special someone that special gift, we had solid ideas this week: A concept rotating detonation jet engine that flies faster and farther and then the source code for Grand Theft Auto 5. Just think of the possibilities! We had Mint Mobile sharing your data with who know who this week, and the US Feds starting to worry about the application of AI in the use of all the PII that’s been getting loose about us. We have a silly example of a query run repeatedly against ChatGPT that eventually sees it yield its training data as output. We had Rite Aid slapped with a 5-year facial recognition software ban, just as the UK’s wonderfully named home secretary James Cleverly lays tracks for the UK integration of 5 million Driver’s licenses into their own facial recognition database. We ended this week with something so basic a child could figure it out. And did. Leaving television and streaming content producers on the back foot to catch up with YouTube. And our quote of the week — “You can get excited about the future. The past won’t mind.” — Hillary DePian That's it for this week. Stay safe, stay secure, all the best for a great 2024 and we'll see you in se7en! Oh, and we promise no more cats this year!
Joseph
12/26/2023 09:54:36 pm
These news updates are insane. Insane good. Chock full of interesting stories that no one else seems to cover. Great insight, great selection.
Reply
Leave a Reply. |