Lifeboat Foundation

This is a 1 hour general-audience introduction to Large Language Models: the core technical component behind systems like ChatGPT, Claude, and Bard. What they are, where they are headed, comparisons and analogies to present-day operating systems, and some of the security-related challenges of this new computing paradigm.
As of November 2023 (this field moves fast!).

Context: This video is based on the slides of a talk I gave recently at the AI Security Summit. The talk was not recorded but a lot of people came to me after and told me they liked it. Seeing as I had already put in one long weekend of work to make the slides, I decided to just tune them a bit, record this round 2 of the talk and upload it here on YouTube. Pardon the random background, that’s my hotel room during the thanksgiving break.

Continue reading “[1hr Talk] Intro to Large Language Models” »

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.

Blackwing Intelligence security researchers discovered vulnerabilities during research sponsored by Microsoft’s Offensive Research and Security Engineering (MORSE) to assess the security of the top three embedded fingerprint sensors used for Windows Hello fingerprint authentication.

Continue reading “Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops” »

Good technologies disappear.

In the company’s cloud market study, almost all organizations say that security, reliability and disaster recovery are important considerations in their AI strategy. Also key is the need to manage and support AI workloads at scale. In the area of AI data rulings and regulation, many firms think that AI data governance requirements will force them to more comprehensively understand and track data sources, data age and other key data attributes.

“AI technologies will drive the need for new backup and data protection solutions,” said Debojyoti ‘Debo’ Dutta, vice president of engineering for AI at Nutanix. “[Many companies are] planning to add mission-critical, production-level data protection and Disaster Recovery (DR) solutions to support AI data governance. Security professionals are racing to use AI-based solutions to improve threat and anomaly detection, prevention and recovery while bad actors race to use AI-based tools to create new malicious applications, improve success rates and attack surfaces, and improve detection avoidance.”

Continue reading “How AI Became A Cloud ‘Workload’” »

It is estimated that 95% of the planet’s population has access to broadband internet, via cable or a mobile network. However, there are still some places and situations in which staying connected can be very difficult. Quick responses are necessary in emergency situations, such as after an earthquake or during a conflict. So too are reliable telecommunications networks that are not susceptible to outages and damage to infrastructure, networks can be used to share data that is vital for people’s well-being.

A recent article, published in the journal Aerospace, proposes the use of nanosatellites to provide comprehensive and stable coverage in areas that are hard to reach using long-range communications. It is based on the bachelor’s and master’s degree final projects of Universitat Oberta de Catalunya (UOC) graduate David N. Barraca Ibort.

The paper is co-authored by Raúl Parada, a researcher at the Telecommunications Technological Center of Catalonia (CTTC/CERCA) and a course instructor with the UOC’s Faculty of Computer Science, Multimedia and Telecommunications; Carlos Monzo, a researcher and member of the same faculty; and Víctor Monzón, a researcher at the Interdisciplinary Center for Security Reliability and Trust at the University of Luxembourg.

As part of pioneering the security of satellite communication in space, NASA is funding a groundbreaking project at the University of Miami’s Frost Institute for Data Science and Computing (IDSC) which will enable augmenting traditional large satellites with nanosatellites or constellations of nanosatellites.

These nanosatellites are designed to accomplish diverse goals, ranging from communication and weather prediction to Earth science research and observational data gathering. Technical innovation is a hallmark of NASA, a global leader in the development of novel technologies that enable US space missions and translate to a wide variety of applications from Space and Earth science to consumer goods and to national and homeland security.

With advances in satellite technology and reduced cost of deployment and operation, nanosatellites also come with significant challenges for the protection of their communication networks. Specifically, small satellites are owned and operated by a wide variety of public and private sector organizations, expanding the attack surface for cyber exploitation. The scenario is similar to Wi-Fi network vulnerabilities. These systems provide an opportunity for adversaries to threaten national security as well as raise economic concerns for satellite companies, operators, and users.

On Wednesday, a collaborative whiteboard app maker called “tldraw” made waves online by releasing a prototype of a feature called “Make it Real” that lets users draw an image of software and bring it to life using AI. The feature uses OpenAI’s GPT-4V API to visually interpret a vector drawing into functioning Tailwind CSS and JavaScript web code that can replicate user interfaces or even create simple implementations of games like Breakout.

Users can experiment with a live demo of Make It Real online. However, running it requires providing an API key from OpenAI, which is a security risk. If others intercept your API key, they could use it to rack up a very large bill in your name (OpenAI charges by the amount of data moving into and out of its API). Those technically inclined can run the code locally, but it will still require OpenAI API access.

Research into artificial intelligence (AI) network computing has made significant progress in recent years but has so far been held back by the limitations of logic gates in conventional computer chips. Through new research published in The European Physical Journal D, a team led by Aijin Zhu at Guilin University of Electronic Technology, China, introduced a graphene-based optical logic gate, which addresses many of these challenges.

The design could lead to a new generation of computer chips that consume less energy while reaching higher computing speeds and efficiencies. This could, in turn, pave the way for the use of AI in computer networks to automate tasks and improve decision-making—leading to enhanced performance, security, and functionality.

There are many advantages to microchips whose component logic gates exchange signals using light instead of electrical current. However, current designs are often bulky, somewhat unstable, and vulnerable to information loss.

The company on Wednesday announced Astro for Business, a version of its household robot that it’s framing as a crime prevention tool for retailers, manufacturers and a range of other industries, in spaces that are up to 5,000 square feet. Astro for Business is launching only in the U.S. to start, and it comes at a steep price point of $2,349.99.

Amazon unveiled Astro, its first home robot, in September 2021. The squat, three-wheeled device can roll around the house to answer Alexa voice commands, and it has a 42-inch periscope camera that allows it to see over countertops or other obstacles to check if a stove has been left on, among other tasks.

Two years on from its debut, the original Astro, which costs $1,599, is available in limited quantities and on an invite-only basis.

🆘 VMware raises the alarm about an UNPATCHED security flaw (CVE-2023–34060) in Cloud Director, which could allow attackers to bypass authentication on SSH and appliance management console ports. Learn more ➡️

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections.

Tracked as CVE-2023–34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version.

Continue reading “Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability” »