Tag Archive for: cutting

DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities

/in


Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.

AI generated image of a hacker in front of a laptop.
Image: AVC Photo Studio/Adobe Stock

OpenAI, Google, Meta and more companies put their large language models to the test on the weekend of August 12 at the DEF CON hacker conference in Las Vegas. The result is a new corpus of information shared with the White House Office of Science and Technology Policy and the Congressional AI Caucus. The Generative Red Team Challenge organized by AI Village, SeedAI and Humane Intelligence gives a clearer picture than ever before of how generative AI can be misused and what methods might need to be put in place to secure it.

Jump to:

Generative Red Team Challenge could influence AI security policy

The Generative Red Team Challenge asked hackers to force generative AI to do exactly what it isn’t supposed to do: provide personal or dangerous information. Challenges included finding credit card information and learning how to stalk someone. The AI Village team is still working on analyzing the data that came from the event and expects to present it next month.

This challenge is the largest event of its kind and one that will allow many students to get in on the ground floor of cutting-edge hacking. It could also have a direct impact on the White House’s Office of Science and Technology Policy, with office director Arati Prabhakar working on bringing an executive order to the table based on the event’s results.

Organizers expected more than 3,000 people would participate, with each taking a 50-minute slot to try to hack a large language model chosen at random from a pre-established selection. The large language models being put to the test were built by Anthropic, Cohere, Google, Hugging Face, Meta, NVIDIA, OpenAI and Stability. Scale AI developed a scoring system.

“The diverse issues with these models will not be resolved until more people know how to red team and assess them,” said Sven Cattell, the founder of AI Village, in a press release. “Bug bounties, live hacking events and other standard community engagements in security can be modified for machine learning model-based systems.”

SEE: At Black…

Source…

T-Mobile’s New Data Breach Shows Its $150 Million Security Investment Isn’t Cutting It

/in


Yesterday, mobile giant T-Mobile said that it suffered a data breach beginning on November 26 that impacts 37 million current customers on both prepaid and postpay accounts. The company said in a US Securities and Exchange Commission filing that a “bad actor” manipulated one of the company’s application programming interfaces (APIs) to steal customers’ names, email addresses, phone numbers, billing addresses, dates of birth, account numbers, and service plan details. The initial intrusion occurred at the end of November, and T-Mobile discovered the activity on January 5.  

T-Mobile is one of the US’s largest mobile carriers and is estimated to have more than 100 million customers. But in the past 10 years, the company has developed a reputation for suffering repeated data breaches alongside other security incidents. The company had a mega breach in 2021, two breaches in 2020, one in 2019, and another in 2018. Most large companies struggle with digital security, and no one is immune to data breaches, but T-Mobile seems to be approaching companies like Yahoo in the pantheon of repeated compromises.

“I’m certainly disappointed to hear that, after as many breaches as they’ve had, they still haven’t been able to shore up their leaky ship,” says Chester Wisniewski, field chief technical officer of applied research at the security firm Sophos. “It is also concerning that the criminals were in T-Mobile’s system for more than a month before being discovered. This suggests T-Mobile’s defenses do not utilize modern security monitoring and threat hunting teams, as you might expect to find in a large enterprise like a mobile network operator.”

Because of limits on the API (an interface that facilitates communication between two software programs), the attacker did not gain access to Social Security numbers or tax IDs, driver’s license data, passwords and PINs, or financial information like payment card data. Such data has been compromised in other recent T-Mobile breaches, though, including one in August 2021. In July 2022, T-Mobile agreed to settle a class action suit about that breach in a deal that included $350 million to customers. At the time, the company also committed to a…

Source…

Google has second thoughts about cutting cookies, so serves up CHIPs • The Register

/in


Last week, third-party cookies received a stay of execution from Google that will allow them to survive until late 2023 – almost two years beyond their previously declared decommission date. But the search-ads-and-apps biz is already planning a resurrection of sorts because third-party cookies are just too useful.

The Chocolate Factory envisions a lesser form of third-party cookie, one that in theory won’t be used for tracking but will be able to support other more acceptable use cases. Google software engineer Dylan Cutler and engineering manager Kaustubha Govind call their confection “partitioned cookies” in a Web Platform Incubator Community Group proposal called “CHIPs.”

Cookies are files that web applications can set in web browsers to store data. They have legitimate uses, like storing data related to the state of the application (e.g. whether you’re logged in), and they can also be used for tracking people across websites.

Third-party cookies – set by scripts that interact with third-party servers – track people by storing a value on one website and then reading that value on another website that implements a similar third-party script. The third-party service in this case then knows all the websites running their script that were visited by the tracked individual.

That’s the sort of privacy-invading behavior that led browser makers like Apple, Brave, Mozilla, and others to block third-party cookies by default. But doing so has created problems by interfering with applications that rely on third-party cookies to deliver services across domain contexts.

The browser security model is based on the distinction between first-party and third-party contexts. When an individual visits a specific web domain, that domain operates in a first party context; services available at other domains are considered third-party and face various limitations on what they can do.

Source…

Cord Cutting Is Setting Records In 2019

/in

Remember cord cutting? The trend that cable and broadcast execs and countless sector analysts spent years claiming either wasn’t real, or didn’t matter because it would end once Millennials started procreating?

Well it’s still very real, and once again the rate of traditional TV cancellations is setting records. The second quarter is looking to be particularly ugly, with giants like AT&T, Comcast, and Charter Spectrum all seeing record TV subscriber losses on the quarter:

“But so far this quarter Comcast, AT&T and Charter have reported losing more than 1.25 million subscribers. “As a result of this bloodshed, we are estimating that the rate of traditional cord-cutting will reach 5.5% in 2019 (the worst rate it has ever been),” Nathanson said.

“Even adding back virtual MVPD subscribers, the drop will be 2.7%, a new low,” he said, adding “we would expect that this trend will continue to accelerate over the back-end of 2019.”

Again, customers are tired of paying an arm and a leg for a giant bundle of channels they don’t watch. So they’re axing traditional TV and shifting over to streaming video providers the data says not only offer cheaper, more flexible options, but far better customer service. With a number of high-profile streaming options just over the horizon from the likes of Apple and Disney, the trend is only going to accelerate.

And while many traditional cable TV companies have responded to this surge in competitors by offering their own streaming alternatives, that’s no sure thing either. Just ask AT&T, which not only lost 778,000 traditional video users last quarter, but 168,000 subscribers from its streaming video alternative, DirecTV Now. Why? AT&T gobbled up so many companies in its bid to dominate the space, it became one of the most indebted companies in the world. When it raised streaming TV prices to try and recoup some of this debt, customers unsurprisingly headed for the exits.

Of course it’s always worth reiterating that these giant telecom and TV operators have an ace in the hole: the monopoly they hold over broadband access in many markets. Limited competition means they can respond to the loss in video revenue by jacking up the price of broadband. Worse, limited competition means these companies can impose anti-competitive (and utterly technically unnecessary) usage caps and overage fees they’ll often use as a competitive bludgeon. Many of these efforts simultaneously jack up your broadband bill, and punish you should you choose a streaming video alternative to their own TV offerings.

With the recent death of net neutrality, it’s likely there’s a universe of “creative” anti-competitive behaviors these natural monopolies haven’t been able to implement yet. Should the rules not be restored, that’s likely to change quickly over the next few years, and the impact on your bandwidth bill (and the competitive streaming playing field) isn’t likely to be subtle.

Permalink | Comments | Email This Story

Techdirt.