open source and cybersecurity news

June 14, 2023

Babel X, Using ChatGPT To Solve Secure Programming Challenges, Unmasking the False Claim of a Quantum Processor, OpenInfra Open EU and Asian Hub, Ex Samsung Exec Stole Trade Secrets for China

Episode Transcription:

Pokie Huang:

It’s 5:05 on Wednesday, June 14th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Kadi Grigg in Alexandria, Virginia, Edwin Kwan in Sydney, Australia, Ian Garrett in Arlington, Virginia, Olimpiu Pop in Transylvania, Romania, Katy Craig in San Diego, California and Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Kadi Grigg: 

Ever wonder what data the Department of Homeland Security looks at? In a thought-provoking article published on Vice, the use of cutting-edge AI technology by Customs and Border Protection, also known as CBP, takes center stage. CBP has been utilizing a powerful tool called Babel X, developed by Babel Street, to monitor and analyze social media content of both citizens and refugees alike.

The article written by Joseph Cox sheds light on the potential implications and concerns surrounding this AI-driven approach to surveillance. Babel X’s capabilities enable the CBP and its parent agency, the Department of Homeland Security, to sift through vast amounts of public data, allowing them to gather insights, identify patterns, and potentially flag any potential security threats.

The system lets DHS put in information of their target. We’re talking phone, email addresses, and in return, what do they get? A variety of information from social media posts, employment history, social security number, location history, and even advertising identifiers associated with their target’s mobile phone.

This is Kadi Grigg in Alexandria, Virginia.

My immediate question is, how long is the data kept? The answer: 75 years.

This unprecedented level of social media monitoring raises questions about privacy, civil liberties, and the potential for bias. Critics argue that this type of surveillance could infringe upon people’s rights, particularly as it involves not only foreign targets, but also American citizens.

What this highlights is the risk of false positives and the potential for discriminatory targeting as algorithms may not always accurately interpret the context or intent behind online posts.

The use of AI technology by government agencies for surveillance opens up a Pandora’s box of ethical dilemmas. While proponents argue that such measures are essential for national security, opponents emphasize the importance of striking a balance between safeguarding citizens and preserving individual freedom. As the debate surrounding AI-driven surveillance intensifies, this article serves as a critical examination of CBP and DHS’ use of Babel X and its impact on privacy, civil liberties, and potential ramifications for both citizens and refugees in the digital age.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Hamza from Security Dimension recently ran an experiment to determine if ChatGPT is up to the challenge of tackling security vulnerabilities in code. He tried to get ChatGPT to solve a secure programming challenge in cross-site scripting for both Python and JavaScript. His observations were that ChatGPT was particularly good at handling Python code, but seems to struggle in JavaScript.

It constantly struggled with usability requirements and unless strictly guided would end up making a lot of breaking changes to the existing code. With enough information and context, it was able to create a good enough solution to pass the challenge, but those solutions did not actually address the root of the security vulnerability.

Read more about Hamza’s Secure Coding ChatGPT experience on Security Dimension.

Ian Garrett:

Quantum computing poses a threat to existing encryption algorithms due to its incredible processing power, being able to brute force encryption keys, or neutralize the effectiveness of pseudo random numbers. Iran has claimed that they have produced the “first product of the quantum processing algorithm.” A deeper look into the technology reveals a quite different perspective.

Hey folks, this is Ian Garrett in Arlington, Virginia. 

Iran’s Imam Khomeini University of Marine Sciences and Technologies made headlines with its announcement of a quantum processor. However, it didn’t take long for the online community to unravel the truth behind their claims.

A former US Department of State advisor on Iran discovered that the quantum processor showcased was actually a widely available dev board. This particular board known as the ZedBoard Zynq-7000 can be purchased on Amazon for just $589. 

Upon further investigation, it became clear that the specifications of this dev board were nowhere near powerful enough to function as a quantum processor. With limited storage, modest RAM, and a dual-core ARM Cortex-A9 processor, it’s evident that the board is better suited for applications like video processing or software acceleration rather than quantum computing.

While this particular claim turned out to be false, it’s a good reminder that the development of quantum computing capabilities is underway and also a good reminder to stay up to date on the progress NIST and other organizations are actively developing in post-quantum effective encryption algorithms and response.

Olimpiu Pop: 

Open Infrastructure Foundation made its mission regional; it opened the hub in EU and Asia. It actually makes sense. Its members are split evenly between those regions. One third EU, one third Asia, and one third water. Sorry, wrong statistic. A third are members from the rest of the world. 

Who is Open Infra? A foundation that supports open source cloud development and adoption. Among the projects are OpenStack and StarlingX. 

Why going regional now? 

“The world has changed and open source needs regional resiliency and action to ensure vital software technologies continue to be developed in the open,” stated one of its leaders in support of the announcement. He further stated, “Key regional issues have emerged like digital sovereignty in the EU, that has created an opportunity for Open Infra regional hubs to facilitate collaboration and discussion, coordinate responses, and give a voice to the concerns of the Open Infra ecosystem.”

What does that actually mean? That the EU Cyber Resiliency Act might cloud the open source sky. And not in the good sense. 

In late May, the foundation joined Open Source Foundation in stating concerns that if the EU legislation moves forward in the current form, it is “going to have a chilling effect on that successful global model.” It might potentially discourage contributions from EU developers or even the creation of EU based communities to work on future open source software.

Hopefully, European decision makers will open their ears, minds, and soul, especially now when they just got a big win for drafting the first AI act in the world without hindering innovation. Now this got me interested.

To stay in the loop, follow 505updates.com. There you can find the supporting resources.

This was Olimpiu Pop reporting from Transylvania, Romania.

Katy Craig: 

A former Samsung executive has been arrested and charged with stealing trade secrets in order to build a copycat microchip factory in China. 

This is Katy Craig in San Diego, California. 

The unnamed individual allegedly obtained blueprints and trade secrets from Samsung and attempted to set up a microchip manufacturing facility in China. But rather than obtaining approval from Samsung executives, the accused managed to secure funding from investors in China and Taiwan. With these funds, they began producing trial chip products based on the stolen technology. 

The theft is estimated to be worth several hundred billion dollars. 

The arrest and indictment highlight the significant breach of trust and potential financial impact resulting from the theft of intellectual property. The legal proceedings will determine the extent of the individual’s involvement and the consequences they may face for their alleged actions. This case comes on the heels of the US sanctioning investment in China’s chip, AI and quantum tech, and serves as a reminder of the importance of safeguarding advantages and trade secrets.

This is Katy Craig. Stay safe out there.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology with your technology history for June 14th. 

June 14th, 1822. In a paper to the Royal Astronomical Society, Charles Babbage unveils his design for a machine he called the Difference Engine, the first example of a mechanical computing machine. The British government funded the building of a Difference Engine, which Babbage never actually completed.

However, Babbage’s design for the Difference Engine and his later Analytical Engine spurred future designs of working mechanical computers. 

In 1991, a working Difference Engine was constructed using Babbage’s plans, proving that his designs would’ve worked. 

June 14th, 1951. The US Census Bureau officially puts UNIVAC I into service, calling it the world’s first commercial computer. Another UNIVAC computer would famously predict the presidential election in November of 1952. 

June 14th, 1967. NASA launches Mariner V on a mission to fly by Venus. Mariner V was originally built as a backup to the Mariner IV spacecraft, which successfully journeyed to Mars in 1965. Because the Mariner IV mission was so successful, Mariner V was then modified to fly by Venus and collect data on the planet’s atmosphere, radiation and magnetic field.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang:

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there.

Thank you to Kadi Grigg, Edwin Kwan, Ian Garrett, Olimpiu Pop, Katy Craig, Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm.

This is Pokie Huang. See you tomorrow… at 5:05.
