Tag Archive for: defcon

How did DefCon hackers do against AI chatbots?


BOSTON — White House officials concerned by AI chatbots’ potential for societal harm and the Silicon Valley powerhouses rushing them to market are heavily invested in a three-day competition ending Sunday at the DefCon hacker convention in Las Vegas.

Some 3,500 competitors have tapped on laptops seeking to expose flaws in eight leading large-language models representative of technology’s next big thing. But don’t expect quick results from this first-ever independent “red-teaming” of multiple models.

Findings won’t be made public until about February. And even then, fixing flaws in these digital constructs — whose inner workings are neither wholly trustworthy nor fully fathomed even by their creators — will take time and millions of dollars.

Current AI models are simply too unwieldy, brittle and malleable, academic and corporate research shows. Security was an afterthought in their training as data scientists amassed breathtakingly complex collections of images and text. They are prone to racial and cultural biases, and easily manipulated.

“It’s tempting to pretend we can sprinkle some magic security dust on these systems after they are built, patch them into submission, or bolt special security apparatus on the side,” said Gary McGraw, a cybersecurity veteran and co-founder of the Berryville Institute of Machine Learning. DefCon competitors are “more likely to walk away finding new, hard problems,” said Bruce Schneier, a Harvard public-interest technologist. “This is computer security 30 years ago. We’re just breaking stuff left and right.”

Michael Sellitto of Anthropic, which provided one of the AI testing models, acknowledged in a press briefing that understanding their capabilities and safety issues “is sort of an open area of scientific inquiry.”

Conventional software uses well-defined code to issue explicit, step-by-step instructions. OpenAI’s ChatGPT, Google’s Bard and other language models are different. Trained largely by ingesting — and classifying — billions of datapoints in internet crawls, they are perpetual works in progress, an unsettling prospect given their transformative potential for humanity.

After…


DEF CON Safe Mode Demo Labs – Ajin Abraham – Mobile App Security Testing with MobSF



DARPA's Cyber Grand Challenge: Expanded Highlights from the Final Event



After Trump tweets Defcon hacking video, voting security experts call BS



As President Trump continues to make unfounded claims of widespread election fraud, 59 of the world’s foremost experts on electronic voting are hitting back, saying that recent allegations of actual voting machine hacking “have been unsubstantiated or are technically incoherent.”

Monday’s letter came after almost two weeks of baseless and unfounded claims from Trump and some of his supporters that this month’s presidential election had been “rigged” in favor of President-elect Joe Biden. On Thursday, Trump started a new round of disinformation when he took to Twitter to say that polling machines made by Dominion Voting deleted 2.7 million Trump votes around the country.

Vulnerabilities aren’t exploits

Over the weekend, Trump tweeted a video from last year’s Defcon hacker convention. It showed attendees participating in an event called the voting machine hacking village. Organizers of the event held it to raise awareness about the importance of security in electronic voting. Some of the event organizers were beside themselves that Trump was using the video as innuendo that voting machine hacking played a role in the results of this month’s election, or in any election ever, for that matter.

“Anyone asserting that a US election was ‘rigged’ is making an extraordinary claim, one that must be supported by persuasive and verifiable evidence,” the computer scientists wrote. “Merely citing the existence of technical flaws does not establish that an attack occurred, much less that it altered an election outcome. It is simply speculation.”

The letter continued:

The presence of security weaknesses in election infrastructure does not by itself tell us that any election has actually been compromised. Technical, physical, and procedural safeguards complicate the task of maliciously exploiting election systems, as does monitoring of likely adversaries by law enforcement and the intelligence community. Altering an election outcome involves more than simply the existence of a technical vulnerability.

We are aware of alarming assertions being made that the 2020 election was “rigged” by exploiting…
