On the Poisoning of LLMs
Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate…
Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws
It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to…
Credible Handwriting Machine
In case you don’t have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve one…
Google Is Not Deleting Old YouTube Videos
Google has backtracked on its plan to delete inactive YouTube videos—at least for now. Of course, it could change its mind anytime it wants. It would be nice if this…
Friday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away
A Peruvian oversight law has the opposite effect: Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing its activities to…
Security Risks of New .zip and .mov Domains
Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability.
Microsoft Secure Boot Bug
Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before…
Micro-Star International Signing Key Stolen
Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions…
Friday Squid Blogging: Giant Squid Video
A video—authentic, not a deep fake—of a giant squid close to the surface. As usual, you can also use this squid post to talk about the security stories in the…
Ted Chiang on the Risks of AI
Ted Chiang has an excellent essay in the New Yorker: “Will A.I. Become the New McKinsey?” The question we should be asking is: as A.I. becomes more powerful and flexible,…
Building Trustworthy AI
We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives,…
FBI Disables Russian Malware
Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal…
PIPEDREAM Malware against Industrial Control Systems
Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a…
AI Hacking Village at DEF CON This Year
At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on…
Friday Squid Blogging: “Mediterranean Beef Squid” Hoax
The viral video of the “Mediterranean beef squid”is a hoax. It’s not even a deep fake; it’s a plastic toy. As usual, you can also use this squid post to…
Large Language Models and Elections
Earlier this week, the Republican National Committee released a video that it claims was “built entirely with AI imagery.” The content of the ad isn’t especially novel—a dystopian vision of…
SolarWinds Detected Six Months Earlier
New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so…