Tag Archive for: Simple

Simple Hacking Technique Can Extract ChatGPT Training Data

/in


Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web?

The answer is an emphatic yes, according to a team of researchers at Google DeepMind, Cornell University, and four other universities who tested the hugely popular generative AI chatbot’s susceptibility to leaking data when prompted in a specific way.

‘Poem’ as a Trigger Word

In a report this week, the researchers described how they got ChatGPT to spew out memorized portions of its training data merely by prompting it to repeat words like “poem,” “company,” “send,” “make,” and “part” forever.

For example, when the researchers prompted ChatGPT to repeat the word “poem” forever, the chatbot initially responded by repeating the word as instructed. But after a few hundred times, ChatGPT began generating “often nonsensical” output, a small fraction of which included memorized training data such as an individual’s email signature and personal contact information.

The researchers discovered that some words were better at getting the generative AI model to spill memorized data than others. For instance, prompting the chatbot to repeat the word “company” caused it to emit training data 164 times more often than other words, such as “know.”

Data that the researchers were able to extract from ChatGPT in this manner included personally identifiable information on dozens of individuals; explicit content (when the researchers used an NSFW word as a prompt); verbatim paragraphs from books and poems (when the prompts contained the word “book” or “poem”); and URLs, unique user identifiers, bitcoin addresses, and programming code.

A Potentially Big Privacy Issue?

“Using only $200 USD worth of queries to ChatGPT (gpt-3.5-turbo), we are able to extract over 10,000 unique verbatim memorized training examples,” the researchers wrote in their paper titled “Scalable Extraction of Training Data from (Production) Language Models.”

“Our extrapolation to larger budgets suggests that dedicated adversaries could extract far more data,” they wrote. The researchers estimated an adversary could extract 10 times more…

Source…

One simple way to cut ransomware recovery costs in half

/in


ttps://securityintelligence.com/articles/one-simple-way-to-cut-ransomware-recovery-costs-in-half-2/”http://www.w3.org/TR/REC-html40/loose.dtd”>

Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom. The median recovery cost for those that use backups is half the cost incurred by those that paid the ransom, according to a recent study. Similarly, the mean recovery cost is almost $1 million lower for those that used backups. Despite this fact, the use of backups is actually falling.

This was one of the most prominent findings in the recent Sophos State of Ransomware survey. Let’s take a closer look at the report’s conclusions.

The state of ransomware

Sophos recently published an independent, vendor-agnostic report about the impact of ransomware worldwide. The survey included 3,000 IT and cybersecurity leaders in organizations with between 100 and 5,000 employees across 14 countries in the Americas, EMEA and Asia Pacific. The study was conducted between January and March 2023, and the participants responded based on their experiences over the past year.

According to the report, the rate of attacks stayed constant, with 66% of respondents reporting that they were hit by ransomware during the last year. In 2022, respondents reported the exact same percentage. While this might be a good sign, it’s notable that in 2021 the rate was only 37%.

Does size matter?

The Sophos study revealed a distinct correlation between annual revenue and the chances of being a victim of ransomware. For companies with revenue of $10 to $50 million, 56% experienced a ransomware attack in the last year. Meanwhile, 72% of those with revenue of $5 billion or more were victims of ransomware.

Surprisingly, there was no strong relationship between ransomware attacks and company headcount. The rate of ransomware attacks was consistent, with 62-63% of companies of all sizes experiencing ransomware incidents. The only exception was that companies with 1,001 to 3,000 employees had a 73% rate. One might think that larger workforces would lead to more attacks as the attack surface is larger, but this study did not find that to be the…

Source…

Simple ways to speed up your Android phone

/in


Ever tried to open an app on your phone and had to get up and go to bed before it opened? This is the reality for many Android users, whether it is lag or a slow operating system. Most times individuals believe that the solution to such long hours of loading time is due to a small random memory capacity.

While this may be true, have you noticed that even after getting an Android device with a bigger memory the same event plays out? That is because apart from the RAM’s capacity, there are other pending problems you might not be paying attention to.

However, sometimes your phone’s slow response might also be a hint of a gradually waning panel or a virus. But entertain no fear as we take a look into the simple ways to make your Android load faster.

Check for pending software updates

Have you ever tried to open your apps and see a notification to update the app? Sometimes your device needs to update itself and would prefer it happens with an unrestricted data source.

However, the latest software updates may not always speed up your Android device, Android authority says that “manufacturers often optimize and fine-tune their software over time. A few Android security patches and bug fixes should also improve the overall experience. The same goes for Google Play Services, which is responsible for many modern Android features and receives separate updates via the Play Store”.

It added, “Most Android smartphones check for updates periodically, but only under certain circumstances. To that end, it might be worth manually checking if you’ve missed any updates. Here’s how: Open the Settings app on your phone. Scroll to the bottom and tap on About Device. Tap Software Update and finally, Check for Updates.”

Restart your device occasionally

Sometimes, all you need is to restart your device. Android Authority explains that a slowing computer can be fixed by a simple power cycle. “It is not hard to see why — restarting your device clears previously running apps, background processes, and other things that add up over time. Press and hold your phone’s power button and tap Restart.”

When your phone restarts, it is like forcing it to sleep and…

Source…

Cybersecurity: These simple steps can close the digital door on hackers

/in


Photo courtesy DepositPhotos

Personal accounts can be a gateway for business cyberhackers. Forward-thinking businesses, however, will not leave the door open for them.

Carl Mazzanti

The number of small business data breaches continues to grow and highlights the way cybercriminals can use LinkedIn and other social media profiles as a gateway into businesses, gaining unauthorized access to megabytes of sensitive data. To minimize the risk, business owners should work with their Cyber Security services provider to secure business and personal accounts from hackers.

Mark Zuckerberg found this out the hard way a few years back when a reported LinkedIn hack led to the exposure of a slew of accounts belonging to the Facebook (Meta) CEO. Despite his presumed savvy — after all, he is the world’s No. 1 social media magnate — Zuckerberg reportedly committed a series of fatal errors, including using an easy-to-crack password (dadada) on multiple accounts.

 

Easily guessed passwords can be dangerous

Otherwise-knowledgeable users often do not want to memorize lengthy sign-in codes, and instead seek shortcuts, like using common words, or the same password for more than one account. But hackers are getting more sophisticated —the NSA, FBI, and other security agencies have noted that the Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Center for Special Technologies released new malware targeting Americans and other users — so that is a dangerous practice.

But securing accounts does not have to be complicated. One basic, yet effective measure is Multi-Factor Authentication (MFA). MFA requires at least two independent factors to log into an account. One factor may be a (secure) password, and the second could be a one-time passcode sent to the user’s mobile phone. This way, the account will be safe even if one factor is stolen.

Increasing the length of the initial password or PIN (Personal Identification Number) is another move. Shockingly, 7777 is one of the most common and easily guessed PINs. Since all devices support PINs longer than four digits, adding a few more numbers can make a big difference because of the math involved in guessing them. While…

Source…