GPT-4 Can Exploit Real Vulnerabilities By Reading Security Advisories

Long-time Slashdot reader tippen shared this report from the Register:

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.

In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists — Richard Fang, Rohan Bindu, Akul Gupta, and Daniel Kang — report that OpenAI’s GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw. “To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the CVE description,” the US-based authors explain in their paper. “When given the CVE description, GPT-4 is capable of exploiting 87 percent of these vulnerabilities compared to 0 percent for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit)….”

The researchers’ work builds upon prior findings that LLMs can be used to automate attacks on websites in a sandboxed environment. GPT-4, said Daniel Kang, assistant professor at UIUC, in an email to The Register, “can actually autonomously carry out the steps to perform certain exploits that open-source vulnerability scanners cannot find (at the time of writing).”
The researchers wrote that “Our vulnerabilities span website vulnerabilities, container vulnerabilities, and vulnerable Python packages. Over half are categorized as ‘high’ or ‘critical’ severity by the CVE description….”

“Kang and his colleagues computed the cost to conduct a successful LLM agent attack and came up with a figure of $8.80 per exploit”

Read more of this story at Slashdot.

Could the Earth’s Record Hot Streak Signal a New Climate Era?

South America’s Amazon River has reached its lowest level since measurements began, according to the Washington Post, while temperatures “hovered above 110 degrees Fahrenheit” for nearly a week as April began in the capital of Mali. “Nights offered little relief, with temperatures often staying above 90 degrees…”

“An overtaxed electrical grid sputtered and shut down,” they add, and “dehydration and heat stroke became epidemic… At the city’s main hospital, doctors recorded a month’s worth of deaths in just four days. Local cemeteries were overwhelmed.”

The historic heat wave that besieged Mali and other parts of West Africa this month — which scientists say would have been “virtually impossible” in a world without human-caused climate change — is just the latest manifestation of a sudden and worrying surge in global temperatures. Fueled by decades of uncontrolled fossil fuel burning and an El Niño climate pattern that emerged last June, the planet this year breached a feared warming threshold of 1.5 degrees Celsius above preindustrial levels. Nearly 19,000 weather stations have notched record high temperatures since January 1. Each of the last ten months has been the hottest of its kind.

The scale and intensity of this hot streak is extraordinary even considering the unprecedented amount of greenhouse gases in the atmosphere, researchers say. Scientists are still struggling to explain how the planet could have exceeded previous temperature records by as much as half a degree Celsius (0.9 degrees Fahrenheit) last fall. What happens in the next few months, said Gavin Schmidt, director of the NASA Goddard Institute for Space Studies, could indicate whether Earth’s climate has undergone a fundamental shift — a quantum leap in warming that is confounding climate models and stoking ever more dangerous weather extremes.

But even if the world returns to a more predictable warming trajectory, it will only be a temporary reprieve from the conditions that humanity must soon confront, Schmidt said. “Global warming continues apace.”
Will this summer’s La Niña cool things off? More atmospheric research is underway, and “Schmidt says it’s too soon to know how worried the world should be,” according to the article. But he does raise this possibility. “What if the statistical connections that we are basing our predictions on are no longer valid?”

“It’s niggling at the back of my brain that it could be that the past is no longer a guide to the future.”

Volla Successfully Crowdfunds a Privacy-Focused Tablet on Kickstarter

It’s “the new generation of Tablet for simplicity and privacy…” according to its Kickstarter page. “Top-tier performance, lightweight design and completely Google-free.” And it’s already reached its funding goal of $53,312 — climbing to over $75,000 from 115 backers with another 26 days still to go.

9to5Linux reports:

Volla, the maker of the Volla Phone smartphones, has launched a crowdfunding campaign on Kickstarter for their first tablet device, the Volla Tablet, which will also support the Ubuntu Touch mobile OS.

Featuring a 12.3-inch Quad HD display with 2650×1600 pixel resolution, the Volla Tablet uses a powerful MediaTek Gaming G99 8-core processor, 12 GB RAM, and 256 GB internal storage. It also comes with a long-lasting 10,000 mAh battery, 2G/3G/4G cellular network support, Wi-Fi, Bluetooth, and a 13+5 MP main camera.

By default, Volla Tablet ships with Volla OS 13, Volla’s in-house operating system based on the free Android Open Source Project (AOSP), but users will be able to buy the tablet with Ubuntu Touch featuring built-in convergence and support for Android apps with WayDroid container.

“Users will also be able to use desktop apps like Firefox or LibreOffice thanks to the help of the Libertine container,” according to the article. (“Volla says that Volla Tablet with Ubuntu Touch is ideal for Linux enthusiasts and minimalists seeking a simplified, efficient, and familiar operating system experience.”)

Its Kickstarter page points out the tablet even offers options like “hide.me VPN” and private speech recognition that’s “cloud-independent for secure, confidential interactions.”

(“For U.S. users, please note that only roaming SIM cards from abroad can be used.”)

US Passes Bill Reauthorizing ‘FISA’ Surveillance for Two More Years

Late Friday night the U.S. Senate “reauthorized the Foreign Intelligence Surveillance Act, a key U.S. surveillance authority,” reports Axios, “shortly after it expired in the early hours Saturday morning.”

The reauthorization came despite bipartisan concerns about Section 702, which allows the government to collect communications from non-U.S. citizens overseas without a warrant.
The legislation passed the Senate 60 to 34, with 17 Democrats, Sen. Bernie Sanders (I-Vt.) and 16 Republicans voting “nay.” It extends the controversial Section 702 for two more years.

The bill had already passed last week in the U.S. House of Representatives, explains CNN:

Under FISA’s Section 702, the government hoovers up massive amounts of internet and cell phone data on foreign targets. Hundreds of thousands of Americans’ information is incidentally collected during that process and then accessed each year without a warrant — down from millions of such queries the US government ran in past years. Critics refer to these queries as “backdoor” searches…

According to one assessment, it forms the basis of most of the intelligence the president views each morning and it has helped the U.S. keep tabs on Russia’s intentions in Ukraine, identify foreign efforts to access US infrastructure, uncover foreign terror networks and thwart terror attacks in the U.S.

An interesting detail from The Verge:

Sens. Ron Wyden (D-OR) and Josh Hawley (R-MO) introduced an amendment that would have struck language in the House bill that expanded the definition of “electronic communications service provider.” Under the House’s new provision, anyone “who has access to equipment that is being or may be used to transmit or store wire or electronic communications.” The expansion, Wyden has claimed, would force “ordinary Americans and small businesses to conduct secret, warrantless spying.” The Wyden-Hawley amendment failed 34-58, meaning that the next iteration of the FISA surveillance program will be more expansive than before.

Saturday morning the U.S. House of Representatives passed a bill banning TikTok if its Chinese owner doesn’t sell the app.

Netflix Doc Accused of Using AI To Manipulate True Crime Story

Earlier this week, Netflix found itself embroiled in an AI scandal when Futurism spotted AI-generated images used in the Netflix documentary What Jennifer Did. The movie’s credits do not mention any uses of AI, causing critics to call out the filmmakers for “potentially embellishing a movie that’s supposed to be based on real-life events,” reports Ars Technica. An executive producer of the Netflix hit acknowledged that some of the photos were edited to protect the identity of the source but remained vague about whether AI was used in the process. From the report: What Jennifer Did shot to the top spot in Netflix’s global top 10 when it debuted in early April, attracting swarms of true crime fans who wanted to know more about why Pan paid hitmen $10,000 to murder her parents. But quickly the documentary became a source of controversy, as fans started noticing glaring flaws in images used in the movie, from weirdly mismatched earrings to her nose appearing to lack nostrils, the Daily Mail reported, in a post showing a plethora of examples of images from the film. […]

Jeremy Grimaldi — who is also the crime reporter who wrote a book on the case and provided the documentary with research and police footage — told the Toronto Star that the images were not AI-generated. Grimaldi confirmed that all images of Pan used in the movie were real photos. He said that some of the images were edited, though, not to blur the lines between truth and fiction, but to protect the identity of the source of the images. “Any filmmaker will use different tools, like Photoshop, in films,” Grimaldi told The Star. “The photos of Jennifer are real photos of her. The foreground is exactly her. The background has been anonymized to protect the source.” While Grimaldi’s comments provide some assurance that the photos are edited versions of real photos of Pan, they are also vague enough to obscure whether AI was among the “different tools” used to edit the photos.

Frontier Communications Shuts Down Systems After Cyberattack

U.S. telecom provider Frontier Communications shut down its systems after a cybercrime group breached some of its IT systems in a recent cyberattack. BleepingComputer reports: Frontier is a leading U.S. communications provider that provides gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states. After discovering the incident, the company was forced to partially shut down some systems to prevent the threat actors from laterally moving through the network, which also led to some operational disruptions. Despite this, Frontier says the attackers could access some PII data, although it didn’t disclose if it belonged to customers, employees, or both.

“On April 14, 2024, Frontier Communications Parent, Inc. [..] detected that a third party had gained unauthorized access to portions of its information technology environment,” the company revealed in a filing with the U.S. Securities and Exchange Commission on Thursday. “Based on the Company’s investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information.” Frontier now believes that it has contained the breach, has since restored its core IT systems affected during the incident, and is working on restoring normal business operations.

Netflix Blows Past Earnings Estimates As Subscribers Jump 16%

Netflix on Thursday reported a 16% rise in memberships in the first quarter, reaching 269.6 million, beating Wall Street expectations. Starting next year, the company will no longer provide quarterly membership numbers or average revenue per user. CNBC reports: “As we’ve noted in previous letters, we’re focused on revenue and operating margin as our primary financial metrics — and engagement (i.e. time spent) as our best proxy for customer satisfaction,” the company said in its quarterly letter to shareholders. “In our early days, when we had little revenue or profit, membership growth was a strong indicator of our future potential.” Netflix said now that it is generating substantial profit and free cash flow — as well as developing new revenue streams like advertising and a password-sharing crackdown — its membership numbers are not the only factor in the company’s growth. It said the metric lost significance after it started to offer multiple price points for memberships. The company said it would still announce “major subscriber milestones as we cross them.”

Netflix also noted that it expects paid net additions to be lower in the second quarter compared to the first quarter “due to typical seasonality.” Its second-quarter revenue forecast of $9.49 billion was just shy of Wall Street’s estimate of $9.54 billion. Shares of the company fell around 4% in extended trading. Netflix reported first-quarter net income of $2.33 billion, or $5.28 per share, versus $1.30 billion, or $2.88 per share, in the prior-year period. The company posted revenue of $9.37 billion for the quarter, up from $8.16 billion in the year-ago quarter.

Ubuntu 24.04 Yields a 20% Performance Advantage Over Windows 11 On Ryzen 7 Framework Laptop

Michael Larabel reports via Phoronix: With the Framework 16 laptop, one of the performance pieces I’ve been meaning to carry out has been seeing how Linux performs against Microsoft Windows 11 for this AMD Ryzen 7 7840HS powered modular/upgradeable laptop. Recently getting around to it in my benchmarking queue, I also compared the performance of Ubuntu 23.10 to the near final Ubuntu 24.04 LTS on this laptop up against a fully-updated Microsoft Windows 11 installation. The Framework 16 review unit, as a reminder, was configured with the 8-core / 16-thread AMD Ryzen 7 7840HS Zen 4 SoC with Radeon RX 7700S graphics, a 512GB SN810 NVMe SSD, MediaTek MT7922 WiFi, and a 2560 x 1600 display.

In the few months of testing out the Framework 16 predominantly under Linux it’s been working out very well. With also having a Windows 11 partition as shipped by Framework, after updating that install it made for an interesting comparison against the Ubuntu 23.10 and Ubuntu 24.04 performance. The same Framework 16 AMD laptop was used throughout all of the testing for looking at the out-of-the-box performance across Microsoft Windows 11, Ubuntu 23.10, and the near-final state of Ubuntu 24.04. […]

Out of 101 benchmarks carried out on all three operating systems with the Framework 16 laptop, Ubuntu 24.04 was the fastest in 67% of those tests, the prior Ubuntu 23.10 led in 22% (typically with slim margins to 24.04), and then Microsoft Windows 11 was the front-runner just 10% of the time… If taking the geomean of all 101 benchmark results, Ubuntu 23.10 was 16% faster than Microsoft Windows 11 while Ubuntu 24.04 enhanced the Ubuntu Linux performance by 3% to yield a 20% advantage over Windows 11 on this AMD Ryzen 7 7840HS laptop. Ubuntu 24.04 is looking very good in the performance department and will see its stable release next week.
