Newsletter

open source and cybersecurity news

July 20, 2023

- CYBERSECURITY HEADLINES TODAY -

What’s Your Social Media OpSec?
The Dark Side of Generative AI
Typo Leak Sends Email to Mali
Microsoft expanding access to AI
This Day in Tech History

In this Episode:

Edwin Kwan: Sharing on social media is a good way to keep in touch with friends, but sometimes that can get you in trouble. A Russian naval officer was recently killed near his home, and it was believed that he may have been tracked on the Strava app.

Ian Garrett: You can’t throw a stone without another company releasing a capability powered by the rise of large language models, otherwise known as LLMs. Did you ever wonder if there were problems with the underlying APIs or dependencies?

Katy Craig: In a blunder of epic proportions, a spelling mistake sent millions of US military emails to the country domain for Mali, Africa.

Hillary Coover: Microsoft just announced their new Office 365 artificial intelligence subscription service, and people are going nuts. The stock market responded with a bang, pushing Microsoft’s shares to an all-time high.

Marcel Brown: July 20th, 1969. Eagle, the Apollo 11 Lunar module, successfully lands in the area of the moon known as the Sea of Tranquility. Upon landing, Neil Armstrong utters the now famous phrase, “The Eagle has landed.”

From Sourced Network Productions in Washington DC, It’s 5:05. I’m Hillary Coover. Today is Thursday, July 20th, 2023. Here’s the full story behind today’s cybersecurity and open source headlines.


Edwin Kwan: What’s Your Social Media OpSec?

This is Edwin Kwan from Sydney Australia.

Sharing on social media is a good way to keep in touch with friends, but sometimes that can get you in trouble. A Russian naval officer was recently killed near his home, and it was believed that he may have been tracked on the Strava app.

Strava is a social fitness app which you can use to record exercise like walking, running, or cycling. It allows you to share your activity publicly, with friends, or just with yourself, and you can use it to compete with others along similar track segments.

There have been reports in the past of people’s bikes being stolen, as thieves would use Strava to determine cyclists’ homes so they knew where to target. It was believed that this Russian naval officer had a routine for where he ran and the route he took. Those activities were publicly available, and it was said that the Chief of Intelligence of Ukraine liked one of the workouts a week before the incident.

While most of us wouldn’t need to worry about assassination attempts, we should still be mindful of what we share and who we share our personal information with.

Resources
https://therecord.media/russia-submarine-captain-killed-strava-app-jogging-route
https://twitter.com/Stealx/status/1678741923400384512


Ian Garrett: The Dark Side of Generative AI

You can’t throw a stone without another company releasing a capability powered by the rise of Large Language Models, otherwise known as LLMs. Did you ever wonder if there were problems with the underlying APIs or dependencies? A recent report by Endor Labs highlights the potential risk to applications leveraging packages that utilize LLMs.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Endor Labs recently conducted extensive research using data sets such as Census II, GitHub repositories, and package repositories like npm and PyPI. Since the launch of ChatGPT’s API in January 2023, there has been a significant increase in the number of packages utilizing the API, with many existing packages adding support as well.

The research also revealed a concerning number of dependencies in LLM-enabled packages, with some projects relying on 500 or more dependencies. Furthermore, the report highlights that a large percentage of applications and their dependencies make calls to security-sensitive APIs. This poses a risk to the security of assets if these APIs are compromised.

The report emphasizes the importance of understanding and managing dependencies to ensure application security. The report also sheds light on the limitations of LLMs in malware detection. When evaluating LLM models from OpenAI and Google Vertex AI, both models struggled with accurately classifying malicious code and produced a high number of false positives.

The report suggests that LLMs should not be solely relied upon for specialized purposes like malware detection. It is crucial for developers and organizations to be aware of these vulnerabilities and limitations as they incorporate AI capabilities into their software development processes.

While LLMs provide an incredible capability opportunity, their limitations should always be considered when applying them.

Resources
https://www.csoonline.com/article/646676/dependencies-in-llm-packages-open-apps-to-vulnerabilities-report.html


Katy Craig: Typo Leak Sends Email to Mali

In a blunder of epic proportions, a spelling mistake sent millions of US military emails to the country domain for Mali, Africa.

This is Katy Craig in San Diego, California.

The emails, loaded with sensitive information like diplomatic documents, tax returns, and even top officers’ travel details, ended up on a detour thanks to the swap of “.MIL” with “.ML.”

According to the Financial Times, this typo-triggered information torrent has been going on for years. While none of the emails contain classified information, the Defense Department is hardly doing a victory dance.

So who gets to wear the detective badge in this story? That honor goes to Dutch entrepreneur Johannes Zuurbier, contracted to manage Mali’s domain.

He warned of the data leak and its potential exploitation by US adversaries. The control over the “.ML” domain is about to shift back to Mali’s government, which seems to be getting increasingly chummy with Russia lately. The Pentagon, already wrestling with a breach involving military documents, insists it has protective measures in place, but personal accounts still aren’t covered by these safeguards.

It’s a wild world, folks. Be sure to check your email suffixes.

This is Katy Craig. Stay safe out there.

Resources
Sensitive US military info exposed in accidental emails to Mali
Typo leaks millions of US military emails to Mali web operator | Financial Times


Hillary Coover: Microsoft expanding access to AI

Hi, this is Hillary Coover reporting from Washington, DC.

Microsoft just announced their new Office 365 artificial intelligence subscription service, and people are going nuts. The stock market responded with a bang, pushing Microsoft’s shares to an all-time high.

So what’s so exciting about the service?

It’s called Copilot, and it’s like having a super smart assistant integrated into office products like Word, Excel, PowerPoint, and Teams. For a monthly fee per user, you can access AI-powered features that’ll help with everything from designing presentations, to summarizing meetings, and even sorting out emails.

By integrating AI tools into the platform, it will be accessible to a wide range of users and subscribers. This move makes Microsoft the first to offer such comprehensive AI integration within their platform. This initiative represents a significant step towards democratizing access to AI technology.

Currently, only big players like Goodyear and General Motors are testing out Copilot, while the rest of us eagerly wait for its wider release. Microsoft hasn’t announced the full release of it to the general population yet.

All in all, this is a game changer. It’s like having a super smart AI sidekick right at our fingertips, making our work lives more efficient and enjoyable.

Resources
https://www.cnbc.com/2023/07/18/microsoft-stock-hits-all-time-high-on-new-copilot-ai-subscription.html


Marcel Brown: This Day, July 20, in Tech History

This is Marcel Brown landing with some technology history for July 20th.

July 20th, 1969. Eagle, the Apollo 11 Lunar Module, successfully lands in the area of the moon known as the Sea of Tranquility. Upon landing, Neil Armstrong utters the now famous phrase, “The Eagle has landed.” About six hours later, while setting foot on the moon, he utters the even more famous phrase, “That’s one small step for man, one giant leap for mankind.”

July 20th, 1976. NASA’s Viking 1 Lander becomes the first spacecraft to successfully land on Mars and return data. Besides a variety of scientific experiments, including those designed to look for possible signs of life, Viking 1 provided the very first images of the surface of the Red Planet.

Intended to operate for only 90 days after landing, the Viking 1 Lander continued to operate until November 11th, 1982.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Resources
https://thisdayintechhistory.com/07/20


Hillary Coover

That’s our update for today, July 20th, 2023. I’m Hillary Coover. We’ll be back tomorrow at 5:05.
