SiliconANGLE: Security threats of AI large language models are mounting, spurring efforts to fix them

Posted on September 26, 2023 by dstrom

A new report on the security of artificial intelligence large language models, including OpenAI LP’s ChatGPT, shows a series of poor application development decisions that carry weaknesses in protecting enterprise data privacy and security. The report is just one of many examples of mounting evidence of security problems with LLMs that have appeared recently, demonstrating the difficulty in mitigating these threats. I take a deeper dive into a few different sources and suggest ways to mitigate the threats of these tools in my post for SiliconANGLE here.

SiliconANGLE: This week’s news

Posted on September 20, 2023 by dstrom

Several news developments that I reported on for SiliconANGLE this week:

1Password announced new support for passkeys, sort of. They haven’t completely implemented everything you need to run passkeys for a collection of users (say for a business) in their password manager, but they are trying.
Also, in that same story, I cover Yubico’s going public, Swedish-style. The company has deep roots in that country, and they did it using a SPAC, which is only the second time that has happened in Sweden.
A new study from two Oxford UK companies has found that ChatGPT-4 is quite gender biased. The researchers examined 13 different AI models.
Finally, my report on the various news nuggets coming from the annual Crowdstrike user confab Fal.con (a play on the company’s main product name).

Book review: The Traitor by Ava Glass

Posted on September 19, 2023 by dstrom

The Traitor: A Novel Accidental superspy Emma is back in this second volume, which can be read independently of the author’s first book chronicling her adventures eluding her Russian counterparts. This time she is put on a Russian’s oligarch’s yacht to try to figure out the cause of one of her fellow secret agent’s death in London. Emma is a delightful character and this book adds to her allure as someone who can kick ass when she needs to but still figure out the subtle tells of the spies around her. The yacht is sailing between Monaco and Barcelona and is the site of numerous near-mishaps and espionage moments that are just a joy to read. The supporting cast from the first book is back making the plot points even more compelling. Highly recommended.

Going to a protest? Here is your digital privacy survival kit

Posted on September 18, 2023 by dstrom

If you are thinking of attending a protest, take a few moments to review the EFF’s recommended strategies for protecting your digital assets and privacy in this blog post. It is both an interesting document and a sad testimonial to the state of our present day that the document had to be written at all.

Here is the issue: police are increasingly counting on protesters’ cell phones to be used as evidence, so information on them — your contacts, your photos, your text messages — can be used against you. And not just during protests, either: border crossings can be problematic too. So as the scouts say, be prepared.

The suggestions span the gamut from things to do before you attend a protest, what to do during the protest, and what to do if you are arrested and if your phone and other digital devices are seized. EFF recommends leaving your regular phone at home and buying a burner that just has the Signal messaging app on it; Signal provides end-to-end message encryption, something that I spent some time thinking about. I put together a series of recommendations for business IT managers about how to enable and use this feature across other messaging services for SiliconANGLE earlier this summer.

One of the aspects of Signal is that you can use it to scrub the metadata from your photos. This is important if you intend to post any of the pictures online. You can also take screenshots of your photos if you don’t care about image quality.

There are other helpful suggestions too, such as taking pictures without unlocking your phone, and disabling the facial or fingerprint ID feature, in case a law enforcement officer forces you to unlock it. They explain: “Under current U.S. law using a memorized passcode generally provides a stronger legal footing to push back against a court order of compelled device unlocking/decryption.” They explain the difference between encrypting the data on the phone and encrypting an external SD memory card might require two different steps. And there are numerous suggestions on how to turn off location tracking, Bluetooth, and other radios. That may only be a temporary solution, however: once you turn these radios back on, your phone may send the stored data once you reconnect. The best solution is to turn your phone off entirely.

Finally, they sum everything up with this piece of advice: “It’s important to carry the bare minimum of data with you, and use the strongest level of encryption, when going into a risky situation like a protest.”

SiliconANGLE: California stays ahead on state privacy protection

Posted on September 15, 2023 by dstrom

California has become the latest state to enact a special law regulating how consumers can remove themselves from data brokers. The Delete Act was passed this week and it’s now up to Governor Gavin Newsom to sign it into law. But it has already led to similar laws and bills being proposed in other states in next year’s legislative sessions.

My summary of the past summer’s privacy laws enacted across the country, what makes California stand out, and the problem with data brokers all can be found in my latest piece for SiliconANGLE here.

SiliconANGLE: Deepfake cyberthreats keep rising. Here’s how to prevent them

Posted on September 14, 2023 by dstrom

As expected, this summer has seen a rise in various cybersecurity threats based on deepfake audio and video impersonations.

Despite warnings from the Federal Bureau of Investigation in June, it’s now quite common to experience these types of threats. The fakes are used to lend credibility to larger exploits, such as for a phishing email lure or a request from a superior. These can run the gamut of executive impersonation, performing various forms of financial fraud and obtaining stolen account credentials. My story for SiliconANGLE provides some perspective.

SiliconANGLE: A network observability protocol standard gets a big boost

Posted on September 13, 2023 by dstrom

A networking protocol that has been under development for four years got a boost from both F5 Inc. and ServiceNow Inc. this week.

Called OpenTelemetry — OTel or OTLP for short — the protocol has been endorsed by dozens of vendors and has a curious mixture of open- and closed-source code to help advance the cause of observability, as it is now called. If refers to the broad collection of log analyzers, metrics and network traces that are used to figure out what’s happening inside a digital infrastructure.

OTLP was designed to be extensible, efficient and useful in a number of situations. For example, it can help analyze server log collections and share network trace data between different providers’ products. There is more in my story for SiliconANGLE here.

SiliconANGLE: Beware of insecure networked printers

Posted on September 12, 2023 by dstrom

Despite promises of a paperless office that have origins in the 1970s, the printer is still very much a security problem in the modern office.

And even if Microsoft Corp. will succeed in its efforts to eradicate the universe of third-party printer drivers from its various Windows products, the printer will still be the bane of security professionals for years to come. The problem is that the attack surface for printer-related activities is a rich one, with numerous soft targets.

Taking care of insecure printers isn’t easy, here is a trip down memory lane for my latest post for SiliconANGLE.

SiliconANGLE: It’s the end of the line for the outdated TLS

Posted on September 11, 2023 by dstrom

An aging core internet protocol is finally getting the ax by Microsoft Corp.

But it wasn’t just last month’s announcement that the software vendor was ending support for versions 1.0 and 1.1 of Transport Layer Security, or TLS, but that it was actually dropping the support from the impending release of the latest beta version of Windows 11. This means it is time to locate and update your aging TLS 1.0 and 1.1 systems, Windows 11 will disable by default in its next preview release.

You can read my story in SiliconANGLE here.

Me and my Ecobee

Posted on September 7, 2023 by dstrom

For the past month, I have been messing around with an Ecobee “smart” thermostat for my condo’s heat pump. The reason for the quotes will become clear as you follow along in my journey.

I live in a high-rise condo and it was time for the regular servicing of our heat pump, if by regular you mean a spousal request that I should finally get the AC tech out to tend to it. The tech came, said everything was looking good but that you might want to get a new thermostat, for reasons that I don’t recall now. That provided enough motivation for me to start down my Ecobee journey, which is the brand that the tech recommended.

My electric utility was offering half off if I bought it through them. They also had free Nest thermostats, which my tech said I should steer clear of. Given that they were free I figured that something was wrong with them. So I got the mid-priced model and it arrived a few days later. It did take three phone calls to find the webpage to order the thing, let’s just put that there in terms of pain points.

Now, I have to say right up front that I am not a handy guy. Generally, I know my limitations. I was going to give the Ecobee a try, until I saw that I had to deal with putting a bunch of tiny wires in the right places. (You can see what I mean in the photo above. The putty around the edges is to block out airflows from behind the wall, which was suggested by the hot line folks.) I put in a call to my AC repair folks, who happily charged me more than I paid for the device to come install it with tech #2 (a different guy from the first one). Some drilling was involved. I made the right choice not to fly solo on this install.

I was impressed with the level of support from Ecobee: their smartphone app will take you step by step through the initial installation and also help troubleshoot any problems. There is also a phone hotline that is answered promptly and by native English speakers who have tremendous patience to deal with your issues, and I had plenty. One concerned the fact that the temperature reported by the thermostat was off by four degrees with a thermometer that we were using to verify that it was working. After several calls to the hot line, they told me that I could adjust the temperature with a “fudge factor” (that wasn’t the term they used but that is what it was) so they could match.

But we also had another problem, which the kind folks at Ecobee put the blame squarely on my heat pump. It turns out the water drain from the unit would clog up, but only after the unit would operate for an hour. Another visit from the AC tech, at least this one was free where tech #2 (the same guy who installed the thermostat) found the problem.

So I think we finally have all systems go. One issue that still remains is that the Ecobee has three different ways to control its operation: a touch screen on its front panel, a web page or via its smartphone app. All three have slightly to majorly different user interfaces. Some things are quickly accessed with one or the other interface, which doesn’t make it spousal friendly. But one nice thing is that you can control it when you aren’t home, which is helpful in debugging problems and also when you are on vacation and want the home cooled or heated to your requirements before you walk in the door.

Do I regret buying the Ecobee? No. I regret that it takes an IT guy 10 phone calls and an outlay of cash to get professional help to get it operational. Hence why I put the “smart” in quotes: maybe if it was used by a “smarter” home owner I would feel differently. Now if only I could get my “smart” TV to work the way I want it to.

Web Informant

David Strom's musings on technology