Tag Archive for: problem

Another Problem With Generative AI: Criminal Hacking


There have been reasons to be wary of using generative AI, such as ChatGPT or the offerings from Google or Microsoft, in commercial real estate. Not that it’s automatically beyond the pale of reasonable and prudent professionals in the industry, but there can be sneaky challenges.

For example, it can be dangerous in creating CRE legal documents or can stumble into the so-called hallucination problem, as the Associated Press reported, in which the software can at times make things up because it doesn’t think; it just looks for connections between words without a concept of what they mean together. As Emily Bender, a linguistics professor and director of the University of Washington’s Computational Linguistics Laboratory, told AP, the problem might not be fixable. “It’s inherent in the mismatch between the technology and the proposed use cases,” she said.

Now there’s another area of concern: cybersecurity. People have found ways to break into almost any type of software that is connected to or uses things from the Internet. AI chat bots are no exception. Recently, at the annual ‘Black Hat’ cybersecurity conference (more formally DefCon but black hat being slang for hackers working outside of the law), there was a lot of attention focused on AI and security issues, as Fortune reported.

Findings won’t be public until next February, but 2,200 competitors were all trying to find problems in the eight chatbots with the largest market share.

“It’s tempting to pretend we can sprinkle some magic security dust on these systems after they are built, patch them into submission, or bolt special security apparatus on the side,” the story quoted cybersecurity expert Gary McGraw, a co-founder of the Berryville Institute of Machine Learning, as saying.

But the overall answer was that the temptation is ill-founded. Other experts said that the current state was like computer security in the 1990s, which means young, undeveloped, and likely prone to easy exploits.

“Tom Bonner of the AI security firm HiddenLayer, a speaker at this year’s DefCon, tricked a Google system into labeling a piece of malware harmless merely by inserting a line that said, ‘this is safe to use,’” the…


Yes, Ransomware is Still a Huge Problem


Ransomware has been a growing plague on businesses for nearly a decade. And data shows it is increasing. New research from Sophos finds 76% of ransomware attacks resulted in the criminals successfully encrypting data. This is the highest rate of data encryption from ransomware since Sophos began its annual State of Ransomware reports in 2020. 

The latest edition of the report debunks the idea that ransomware is holding steady or even declining. In fact, 67% of organizations were hit by ransomware in 2022. This reveals rates of encryption have returned to very high levels after a temporary dip during the pandemic, as crews have refined their methodologies of attack.

“The bottom line is there are so many poorly defended targets there is endless supply,” said Chester Wisniewski, field chief technology officer at Sophos. “Ransomware gangs aren’t doing anything sophisticated. People are just so poorly defended and almost all victims are badly patched.” 

Data encryption from ransomware is at the highest level in four years, according to the report. In 30% of cases where data was encrypted, data was also stolen, suggesting this “double dip” method (data encryption and data exfiltration) is becoming commonplace for ransomware gangs. 

Paying the ransom? Then expect to pay more overall 

While many organizations panic in an attack and pay the ransom, hoping to avoid too much damage, the study finds that is a bad idea. The research reveals that 46% of respondents who were victims of data encryption in an attack paid the ransom and got data back. But those victims that paid the ransom to get their data back saw their non-ransom recovery costs double ($750,000 in recovery costs versus $375,000 for organizations that used backups to get data back). Wisniewski said it is important to note that figure does not include the ransom cost, so victims end up paying much more once the dollar amount of the ransom is factored in.

Paying the ransom usually leads to longer recovery times. The report reveals 45% of victims that used backups recovered within a week, compared to just 39% of those that paid the ransom. 

“The increase in cost for many can partly be attributed…


TikTok has a China problem. Here’s how to protect your data.


TikTok is especially popular with teens.

I’ve been saying it for months: Get TikTok off your phone.

It’s not the only China-based app you need to worry about. Temu, the app that lets you “shop like a billionaire,” isn’t worth the deals.

Here’s why and what to do if you’ve been using it.

That’s not all. Here’s a list of dangerous apps you need to delete ASAP.

If you still want to use TikTok, you can without handing over all your information to communist China.

Why not just use the app?


Everyone is selling VPNs, and that’s a problem for security


Whatever YouTube rabbit hole you’ve spiraled down lately — gaming playthroughs, political commentary, niche eight-hour video essays — you’ve encountered an ad for virtual private network, or VPN, services. The influencers promise military grade encryption and streaming content from anywhere as long as you use code FOLLOWME10 at checkout so that they get their cut.

It’s not just anecdotal that VPN ads are everywhere on YouTube. Since the beginning of 2016, VPN companies have collectively sponsored about 247,000 YouTube videos, according to Daniel Conn, co-founder of influencer marketing consulting firm ThoughtLeaders. Almost none came up before then, signaling rapid growth as both influencer marketing and VPN companies took off.

For the YouTubers, it’s a lucrative and consistent way to fund their aspirations; for VPN providers, it’s helping to bring the obscure security product into the mainstream. But for the casual viewer, the sharp spike in VPN ads adds to the confusion and jargon around cybersecurity — and it could be misleading us on how secure we really are.

“If you do think of it like education, it might be the most pervasive form of security education out there,” said Dave Levin, assistant professor in computer science at the University of Maryland.

Researchers at the University of Maryland took a random sample of those hundreds of thousands of ads to better understand what these influencers are saying about security. While not explicitly inaccurate, most of the ads featured vague or exaggerated claims on what VPNs could do, according to Michelle Mazurek, also an associate professor in computer science at the university.

All a VPN can really do is mask your IP address and the identity of your computer on the network by creating an encrypted “tunnel” that prevents your internet service provider from accessing data about your browsing history. It can’t keep your identity secret, protect you from financial exploitation, or offer “military-grade encryption” or the other marketing terms these companies use. Military-grade encryption refers to AES-256, but that’s become an industry standard, and it won’t protect you from security threats like phishing attacks.
