The Lighthouse IT Podcast - February 10th, 2023
This week, were back! And Matt & Griff discuss the recent advancements and potential future of AI, the ups and downs cybercriminals have been going through with two prominent data leaks, reduced ransomware profits, and an FBI crackdown of cybercriminal assets, and the VMware ESXi ransomware.
Listen here!
Highlights
We're Back!
ChatGPT, big tech, and what the near future holds
- You've heard of ChatGPT and the life-like responses it can generate, but will this hurt search engines like Google and Bing? Well not if they work together.
- Microsoft, Google, and Apple (probably many more companies though) have all made big moves recently to ensure that they are staying in front of this new wave of AI. But Microsoft no longer wants you to Bing and decide. They'll decide for you!
- With text-to-image seeming archaic now compared to the text-to-video and even text-to-music demos, AI-powered search doesn't seem too far away.
- Microsoft seemed to be the first major company to actively show support for this and aims for an AI-powered version of Bing.
- They are launching the product alongside new AI-enhanced features for Edge, promising that the two will provide a new experience for browsing the web and finding information online.
- Our robotic counterparts talked about ChatGPT during our last show, and it's been the buzz of the past few months as ChatGPT has been used by people to write scripts, power chat bots, generate fan fic, and more.
- But Microsoft thinks ChatGPT could be the ultimate search engine and has begun implementing it into Bing's search engine.
- Curious how it works? It's already live on bing.com
- They also were able to create VALL-E text-to-speech model which can produce speech in any voice with just three seconds of training. The transformer-based model keeps the intonation, charisma, and style of voice intact in the generated speech.
- Microsoft also plans to invest $10 billion in OpenAI. It isn't clear whether the deal, which would value OpenAI at $29 billion, has been finalized.
- Google, not wanting to be left out, is looking for competitors
- Of course, we all remember LaMDA technology that had convinced an internal Google team member that it had gained sentience as well as using something called "Apprentice Bard".
- Why not just use ChatGPT? Well, that's kind of Microsoft's area, given the investment they've given the program and Google... they like doing their own thing.
- The ChatGPT competitor can answer users' queries and take part in conversations. It is now available to a group of trusted testers and will be released more widely in the coming weeks. Bard will draw on information from the web to provide high-quality responses.
- Even Baidu plans to launch a rival to ChatGPT in March.
- Baidu plans to launch an AI service powered by its Ernie system that offers conversational results comparable to ChatGPT.
- And now you can pay to be front of the line for ChatGPT. OpenAI launches ChatGPT Plus, starting at $20 per month!
- OpenAI will start inviting US customers on its waitlist and expand to other regions soon. (Professional plans costs $42)
- Artists accuse Adobe of tracking their design process to power its AI.
- Seems like Adobe wants to automate artists processes.
- You can turn off in the settings a checkbox that asks if you want to share analytics with Adobe. But it is on by default.
- Apple unveils suite of AI-voiced audiobooks.
- Apple has quietly launched a catalog of books narrated by artificial intelligence. The books can be found by searching for 'AI narration' in the Books app. If Apple's strategy is successful, it could have significant implications for the market. Producing audiobooks can take weeks and cost publishers thousands of dollars. Amazon and Google have also been exploring AI narration technology.
- Apple pushing to launch search engine to rival Google.
- Apple is working on a search engine to rival Google Search. Google currently pays Apple around $15 billion per year to stay as the default search engine on Apple devices. An in-house alternative may help Apple increase its leverage during its periodic negotiations with Google. Apple's search technology is currently used to generate data for Apple apps that use natural language processing and to determine what news should show up in results and recommended Apple News articles.
- Former OpenAI employees are making a ChatGPT rival.
- Claude is an AI assistant from Anthropic, an AI startup co-founded by former OpenAI employees. This article provides an informal comparison between Claude and ChatGPT. Claude's writing is more verbose, but also more natural. It appears to be better than ChatGPT in many areas, but it is worse at tasks like code generation or reasoning about code.
- Meanwhile, CNET has been publishing entire AI generated articles for a few months without anyone noticing.
- CNET has been using AI to generate its financial explainer articles. Articles published under 'CNET Money Staff' are generated using automation technology and then edited and fact-checked by an editor. CNET has so far put out around 73 AI-generated articles. Despite Google claiming to penalize AI-generated content, some of the articles have received large amounts of traffic. It appears that the company is trying to keep the experiment as lowkey as possible.
- But good news, OpenAI released a toll to detect AI-generated text, including from ChatGPT.
- OpenAI has launched a tool that attempts to differentiate between text written by humans and AI-generated text. Its success rate is around 26%, but OpenAI argues that it can be used with other methods to help prevent abuse of AI text generators. The tool incorrectly lables human-written texts as AI-generated 9% of the time. It requires at least 1,000 characters, or 250 words of text, to run. OpenAI released the tool to get feedback on whether these types of tools are useful and to improve its method.
Cyber-crime gangs' earning slide as victims refuse to pay
- Ransomware groups extorted at least $457 million from victims in 2022, a 40% drop compared to the year before as fewer victims are paying.
LastPass user info and password vault data are now in the hands of hackers
- Hackers have obtained encrypted and cryptographically hashed passwords and other data stored in customer vaults from LastPass.
- LastPass insists that its user login information is secure, but cybersecurity experts have pointed out several ways users may still be vulnerable.
FBI finds and shuts down ransomware servers used by Hive
- How about a bit of good news? In late January, the FBI, assisted by Law Enforcement teams in Germany and the Netherlands, identified, located, and seized servers that were used by the Hive Ransomware Gang.
- Unfortunately, we don't have any of the core members in custody at this time, but perhaps this will yield to some arrests. For sure, the gang's core group will go into hiding at least for a little bit. Until they very likely start again, as is often the case.
T-Mobile suffers 37 million customer records stolen due to bad API practices
- T-Mobile has recently fessed up to the loss of 37 million customer records (both prepay and billed-in-arrears customers) because of a weak API endpoint. The Threat Actor was able to connect and query this API and begin pulling data from the API which includes address and date of birth.
- T-Mobile promises that no payment or SSN data was included... however, they've also downplayed that any personal information was stolen.
VMware ESXi ransomware - should you be worried?
- The French government's Computer Emergency Response team (CERT-FR!) published a bulletin indicating cyberattacks against VMware ESXi services are causing the servers to be inoperable, as well as the VMs themselves.
- What is ESXi?
- ESXi is a virtualization software that allows many computers to run on a single hardware layer and is among the largest players in the space. This means that the compromise of a single hardware layer, can lay waste to an entire organization.
- The exploit works fast too. By methodically scrambling the ESXi's virtual disk files and encrypting the first 1MB, it renders any virtual machine useless. And yet, it's fast since it is not encrypting the entire disk.
- There is some good news, however, as the exploit in use was patched years ago (in 2021), so if you're current on patches, you're all set.