GPT-4 Has Passed the Turing Test, Researchers Claim

Drew Turney reports via Live Science: The “Turing test,” first proposed as “the imitation game” by computer scientist Alan Turing in 1950, judges whether a machine’s ability to show intelligence is indistinguishable from a human. For a machine to pass the Turing test, it must be able to talk to somebody and fool them into thinking it is human. Scientists decided to replicate this test by asking 500 people to speak with four respondents, including a human and the 1960s-era AI program ELIZA as well as both GPT-3.5 and GPT-4, the AI that powers ChatGPT. The conversations lasted five minutes — after which participants had to say whether they believed they were talking to a human or an AI. In the study, published May 9 to the pre-print arXiv server, the scientists found that participants judged GPT-4 to be human 54% of the time.

ELIZA, a system pre-programmed with responses but with no large language model (LLM) or neural network architecture, was judged to be human just 22% of the time. GPT-3.5 scored 50% while the human participant scored 67%. “Machines can confabulate, mashing together plausible ex-post-facto justifications for things, as humans do,” Nell Watson, an AI researcher at the Institute of Electrical and Electronics Engineers (IEEE), told Live Science. “They can be subject to cognitive biases, bamboozled and manipulated, and are becoming increasingly deceptive. All these elements mean human-like foibles and quirks are being expressed in AI systems, which makes them more human-like than previous approaches that had little more than a list of canned responses.” Further reading: 1960s Chatbot ELIZA Beat OpenAI’s GPT-3.5 In a Recent Turing Test Study

Read more of this story at Slashdot.

Electricity Bills Forecasted To Climb With Summer Heat

The Energy Information Administration (EIA) expects Americans’ monthly electricity bills to average $173 between June through August, compared to $168 last summer. “The slight bump in costs comes from consumers cranking up their air conditioning more to cope with a warmer season than last year,” writes The Verge’s Justine Calma. “Bills would have jumped higher, if not for lower residential electricity prices helping to balance out some of the increased energy use from air conditioning.” From the report: Some regions are likely to be harder hit by the weather than others. Because of heat and humidity along the Gulf Coast, residents in Southern states typically use the most electricity in the summer to cool their homes. The Pacific Coast, meanwhile, faces the biggest potential percentage increase in retail electricity prices in the nation — a 7 percent jump since last year. Wholesale electricity costs there have risen since 2022, in part because of a heat and drought-induced shortfall in hydroelectricity generation. Households along the Pacific could see their electricity bills go up an average of $11 per month this summer, according to the EIA.

To be sure, the EIA says that weather is “the main source of uncertainty” in its forecasts for folks’ utility bills. If this summer winds up being hotter than expected, households could wind up paying even more. Residential electricity use typically peaks in the summer for most of the US because of air conditioning. Extreme heat can even trigger power outages if demand suddenly rises too sharply. California, the Southwest, the Midwest, Texas, and New England are at “elevated risk” of electricity supply shortages during any extreme weather this summer, according to an assessment (PDF) by the North American Electric Reliability Corporation.

Read more of this story at Slashdot.

Ransomware Attackers Quickly Weaponize PHP Vulnerability With 9.8 Severity Rating

A critical vulnerability in the PHP programming language (CVE-2024-4577) has been exploited by ransomware criminals, leading to the infection of up to 1,800 servers primarily in China with the TellYouThePass ransomware. This vulnerability, which affects PHP when run in CGI mode, allows attackers to execute malicious code on web servers. Ars Technica’s Dan Goodin reports: As of Thursday, Internet scans performed by security firm Censys had detected 1,000 servers infected by a ransomware strain known as TellYouThePass, down from 1,800 detected on Monday. The servers, primarily located in China, no longer display their usual content; instead, many list the site’s file directory, which shows all files have been given a .locked extension, indicating they have been encrypted. An accompanying ransom note demands roughly $6,500 in exchange for the decryption key. The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to convert user-supplied input into characters that pass malicious commands to the main PHP application. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012.

CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn’t set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web server. This configuration is extremely rare, with the exception of the XAMPP platform, which uses it by default. An additional requirement appears to be that the Windows locale — used to personalize the OS to the local language of the user — must be set to either Chinese or Japanese. The critical vulnerability was published on June 6, along with a security patch. Within 24 hours, threat actors were exploiting it to install TellYouThePass, researchers from security firm Imperva reported Monday. The exploits executed code that used the mshta.exe Windows binary to run an HTML application file hosted on an attacker-controlled server. Use of the binary indicated an approach known as living off the land, in which attackers use native OS functionalities and tools in an attempt to blend in with normal, non-malicious activity.

In a post published Friday, Censys researchers said that the exploitation by the TellYouThePass gang started on June 7 and mirrored past incidents that opportunistically mass scan the Internet for vulnerable systems following a high-profile vulnerability and indiscriminately targeting any accessible server. The vast majority of the infected servers have IP addresses geolocated to China, Taiwan, Hong Kong, or Japan, likely stemming from the fact that Chinese and Japanese locales are the only ones confirmed to be vulnerable, Censys researchers said in an email. Since then, the number of infected sites — detected by observing the public-facing HTTP response serving an open directory listing showing the server’s filesystem, along with the distinctive file-naming convention of the ransom note — has fluctuated from a low of 670 on June 8 to a high of 1,800 on Monday. Censys researchers said in an email that they’re not entirely sure what’s causing the changing numbers.

Read more of this story at Slashdot.

A Growing Number of Americans Are Getting Their News From TikTok

According to a new survey from the Pew Research Center, TikTok is the second most popular source of news for Americans after X, “though most TikTok users don’t primarily think of the shortform video app as a news source,” notes The Verge. The survey looked at how Facebook, Instagram, TikTok and X play a role in Americans’ news diets. From the report: Among TikTok users, only 15 percent say keeping up with the news is a major reason they use the app. Still, 35 percent of those surveyed said they wouldn’t have seen the news they get on TikTok elsewhere. And unlike other apps, the news users see on TikTok is just as likely to come from influencers or celebrities as it is from journalists — and it’s far more likely to come from total strangers. (Meanwhile, most Facebook and Instagram users say the news that pops up on their feeds is posted by friends, relatives, or other people they know; on X, users are more likely to see news posted by media outlets or reporters.)

Read more of this story at Slashdot.