Dark mode: ON

Infosec Decoded Season 3 #39: AGI

With @sambowne@infosec.exchange

May 16, 2023

Sam Bowne

How AI Knows Things No One Told It
This is a serious article from Scientific American, not crazy speculation. LLMs are proven to have an internal representation of the world, and they perform tasks they were not trained to do, giving them “emergent abilities.” An AI trained to play Othello developed “neural activity” that matched the game board. The researchers concluded that it was playing Othello roughly like a human: by keeping a game board in its “mind’s eye” and using this model to evaluate moves. "...we are probably not that far off from AGI" (Artificial General Intelligence).

Risky Biz News: VMProtect source code leaks (again)
Source code for the VMProtect software has leaked online not once but twice over the past year. The first leak happened in August last year, while the second took place last week via a Chinese IT forum.

Made by a Russian company, VMProtect is a popular solution for protecting software applications by running an app inside a customized virtual machine.

VMProtect has its legitimate uses in the software development community, especially in games and enterprise applications, but it has also been broadly adopted by malware developers to protect malicious payloads—with multiple cybersecurity companies automatically detecting VMProtect-enveloped software as a potential threat.

The .zip TLD sucks and it needs to be immediately revoked
You might have been tricked into clicking this, assuming that the .zip in the URL was a filename. This is, of course, how it's been for decades. .zip isn't a valid part of a domain name! Except that Google has changed that. You can now purchase .zip and .mov domain names from Google. ICANN has failed all of us by allowing this to happen.

Re-Victimization from Police-Auctioned Cell Phones
Smartphones seized by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized. Researchers purchased phones and found photographs of government-issued IDs, communications between sex workers and clients, and stolen credit cards on them. The seller has apparently begun wiping the phones before sale in response to this research.

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
The risk is increased because VMware says antivirus is not needed for ESXi and does not support it.

Google Launching Tools to Identify Misleading and AI Images
Google is adding two new features to its image search to reduce the spread of misinformation: ‘About this image’ serves up additional context like when an image or similar ones were first indexed by Google, where they first appeared and where else they’ve shown up online. Another mark on every AI-generated image will indicate the tool used to create it.