Thursday, April 18, 2024

The scaffolding is coming down on Notre Dame de Paris

This is pretty cool.  I think this is the first time I've linked to something from the "Today" show, but it is cool.

Remember the FISA renewal vote?

You know, the one today?  Guess what?

It's actually got new stuff in it - and you are now required to spy for Uncle Sam.

Yes, you. But fear not, Citizen: NSA no doubt will be responsible in how they use this.

Wednesday, April 17, 2024

Great

Just great:

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists – Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang – report that OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw.

"To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description," the US-based authors explain in their paper.

"When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)."

A "zero-day" vulnerability is a security bug for which there is no patch available.  "One-day" vulnerabilities are ones that have been publicly disclosed (and usually patched by the vendor) but where the patch hasn't been applied yet.  It is considered industry best practice to patch high-risk and critical security bugs within 30 days.  This may blow that out of the water: the advisory that tells you to patch is the same document that tells the attacker's agent how to exploit you.

This is pretty bad news.
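As an added illustration (not code from the post or from the UIUC paper), here is a small Python tracker that treats every public, unpatched advisory as a live one-day and flags the ones past a remediation window. The 30-day window for HIGH/CRITICAL is the figure mentioned above; the MEDIUM/LOW windows, the advisory IDs, and the dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Assumed remediation policy, in days from advisory publication to patch applied.
# 30 days for HIGH/CRITICAL is the "industry best practice" mentioned in the post;
# the MEDIUM/LOW windows are assumptions for this example.
SLA_DAYS = {"CRITICAL": 30, "HIGH": 30, "MEDIUM": 90, "LOW": 180}
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


@dataclass
class Advisory:
    adv_id: str                 # constructed placeholder, not a real CVE number
    severity: str               # CVSS qualitative rating
    published: date             # day the advisory (the exploit "recipe") went public
    patched_on: Optional[date]  # day we applied the fix; None while still open


def exposure_days(adv: Advisory, today: date) -> int:
    """Days the bug has been public while unpatched on our side (the one-day window)."""
    end = adv.patched_on if adv.patched_on is not None else today
    return (end - adv.published).days


def open_one_days(advs: List[Advisory], today: date) -> List[Tuple[str, str, int]]:
    """Every unpatched advisory that is already public: the set an advisory-reading
    attacker could work from right now. Ordered by severity, then by days exposed."""
    rows = [(a.adv_id, a.severity, exposure_days(a, today))
            for a in advs
            if a.patched_on is None and a.published <= today]
    rows.sort(key=lambda r: (-SEVERITY_RANK.get(r[1], 0), -r[2]))
    return rows


def overdue(advs: List[Advisory], today: date) -> List[Tuple[str, str, int, int]]:
    """Subset of open_one_days() that has blown through the SLA window.
    Returns (id, severity, days exposed, days past SLA)."""
    rows = []
    for adv_id, sev, age in open_one_days(advs, today):
        limit = SLA_DAYS.get(sev, SLA_DAYS["LOW"])
        if age > limit:
            rows.append((adv_id, sev, age, age - limit))
    return rows


# Constructed sample data; the IDs are placeholders, not real advisories.
TODAY = date(2024, 4, 17)
SAMPLE = [
    Advisory("EXAMPLE-0001", "CRITICAL", date(2024, 3, 1), None),
    Advisory("EXAMPLE-0002", "HIGH", date(2024, 4, 1), None),
    Advisory("EXAMPLE-0003", "CRITICAL", date(2024, 2, 1), date(2024, 2, 20)),
    Advisory("EXAMPLE-0004", "MEDIUM", date(2024, 1, 1), None),
]

if __name__ == "__main__":
    for row in open_one_days(SAMPLE, TODAY):
        print("exposed:", row)
    for row in overdue(SAMPLE, TODAY):
        print("past SLA:", row)
```

The point of keeping both lists is that the SLA report (the second) is what management sees, while the first is what the attacker sees; the 16-day-old HIGH in the sample is "inside SLA" and still a perfectly good target for an agent that reads advisories.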


Monday, April 15, 2024

Light posting

We have family visiting, so I've been busy taking grand kids to the beach.

Posting will be light for a couple more days.  Go check out the folks on the sidebar.

Friday, April 12, 2024

How do you find "Global Warming" when there's no actual warming?

You change the data.  The world's oldest continuous temperature database is the Central England Temperature record which dates to 1659 (!).  The CET has been recently updated to version 2.  And along the way, something really interesting happened:


This is the year-by-year change that was introduced in V2.  You can see small, seemingly random up/down adjustments for hundreds of years, right up until 1970.  Then you see massive adjustments.  The upward warming trend from 1970 to the present day is not due to the data as read, but rather to the (made up) adjustments to the data.

Conclusion: Man-made Global Warming is confirmed!*  It's just not observable in real life, only in computer printouts ...

I'm well past the point of giving the benefit of the doubt to the "Scientists" who do this (and have done this for ages, all over the world).  Now the only explanation that makes sense is that Government wants to scare everyone with "Climate Change" and Scientists are giving governments what they paid for.

Back in the real world, we're still not seeing new high temperature records being set, even as each year is announced as "one of the 10 hottest in the last 1000 years".  The highest temperature ever recorded in these United States was in 1913, 111 years ago.  That's some righteous warming that we're seeing right here.

Go read the very first link at the top of this post, which also delves into just how dodgy the data inputs are (poorly sited weather stations recording heat from RAF jets).  Just like the US Surface Stations Project, the author shows that the weather stations in Blighty are not fit for purpose.  So bad, in fact, that the stations are being used to detect a warming signal of 0.1 degree/decade when the margin of error of the station is 4 or 5 degrees.

There's a reason that I have a post tag here called Climate Bullshit.  And there's a reason that I don't post much anymore about Climate "Science" - it makes me grumpy.

Hat tip to Perry de Havilland at Samizdata.

* The chart there from the US Government weather bureau NOAA is essentially identical to the one shown above for CET.  This game is being played everywhere.

Thursday, April 11, 2024

Security is hard, vol CCLVI

Act the first: Web Security organization suffers data breach:

A misconfigured MediaWiki web server allowed digital snoops to access members' resumes containing their personal details at the Open Web Application Security Project (OWASP) Foundation.

...

"If you were an OWASP member from 2006 to around 2014 and provided your resume as part of joining OWASP, we advise assuming your resume was part of this breach," OWASP said in a Good Friday notification posted on its website.


"We recognize the significance of this breach, especially considering the OWASP Foundation's emphasis on cybersecurity," it added.

Yup.  This shows just how hard security is - OWASP is full to the brim with folks who (a) understand the importance of security, (b) know how to implement security (well, most of the time), and (c) have a lot of reputation at stake.  That reputation took a hit here.

Act the second: OPSEC is a bitch, even for secret squirrels:

Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error.

The spy, named Yossi Sariel, allegedly heads Israel's Unit 8200 – a team of crack infosec experts comparable to the USA's National Security Agency or the UK's Government Communications Headquarters. Now he's been confirmed as the author of a 2021 book titled "The Human Machine Team" about the intelligence benefits of pairing human agents with advanced AI.

Sariel – who wrote the book under the oh-so-anonymous pen name “Brigadier General YS” – made a crucial mistake after an investigation by The Guardian which found an electronic copy of Sariel's book available on Amazon "included an anonymous email that can easily be traced to Sariel's name and Google account.”
...

Being outed after more than 20 years of anonymity isn't optimal for someone who's supposed to be a top spy.

Yup.  And while it's tempting to roll your eyes and chorus Top. Men., remember that this is how they nabbed Ross Ulbricht, a.k.a. the Dread Pirate Roberts of The Silk Road.

Yeah, OPSEC is a stone cold bitch of a problem.  You have to be right 100% of the time, and dropping that to 99.99% means that you lose.

Monday, April 8, 2024

Obligatory music for the eclipse

Because of course it is.

Dad Joke CCCXVII - Special Solar Eclipse edition

How does the Moon cut his hair?  Eclipse it.