Archive for April 5, 2023

ChatGPT Under Investigation By The Canadian Privacy Commissioner… Though It Has Other Issues Elsewhere

Posted in Commentary with tags on April 5, 2023 by itnerd

ChatGPT, the new hotness in AI, is now under investigation by the Canadian Privacy Commissioner because of a complaint alleging that OpenAI, the company behind it, is collecting, using, and disclosing personal information without proper consent:

“AI technology and its effects on privacy is a priority for my Office,” Privacy Commissioner Philippe Dufresne says. “We need to keep up with – and stay ahead of – fast-moving technological advances, and that is one of my key focus areas as Commissioner.”

The investigation into OpenAI, the operator of ChatGPT, was launched in response to a complaint alleging the collection, use and disclosure of personal information without consent.

As this is an active investigation, no additional details are available at this time.

Well, I suppose that it could have been worse. Though it still could be, as Italy has already temporarily banned ChatGPT:

Last week, the Italian Data Protection Watchdog ordered OpenAI to temporarily cease processing Italian users’ data amid a probe into a suspected breach of Europe’s strict privacy regulations.

The regulator, which is also known as Garante, cited a data breach at OpenAI which allowed users to view the titles of conversations other users were having with the chatbot.

There “appears to be no legal basis underpinning the massive collection and processing of personal data in order to ‘train’ the algorithms on which the platform relies,” Garante said in a statement Friday.

Garante also flagged worries over a lack of age restrictions on ChatGPT, and how the chatbot can serve factually incorrect information in its responses.

The part about it serving up factually incorrect information is a real problem with ChatGPT. Take for example this from Philip N. Cohen, a sociologist and demographer at the University of Maryland, via Mastodon:

Serious question: Can you sue an AI for this?

In any case, this is a huge problem for OpenAI, the maker of ChatGPT, and for those who back it. Combined with the fact that it appears to hoover up your data, that makes this tool problematic. Thus I would not be at all surprised if more countries crack down on ChatGPT in some way, shape, or form. That brings me to another point: what happens if you're a company that has integrated ChatGPT into your products? What then? That's an interesting question, and I think we're going to find out the answer shortly.

BlackFog Releases Their State of Ransomware Report For March 2023

Posted in Commentary with tags on April 5, 2023 by itnerd

BlackFog today released its State of Ransomware report for March 2023. Dr. Darren Williams, CEO and Founder of BlackFog, had this commentary on the report:

“March witnessed a total of 28 ransomware attacks. While lower than January and February, this still represents a 4-year high, with a 12% increase over previous years. Most notably we continue to see the flow of effects from unreported attacks. March saw 1,403% of attacks going unreported, up from 478% and 543% in January and February respectively. Nearly a 3-fold increase from previous months.

March also saw Education increase its lead as the most targeted sector, increasing by more than 53%, with 26 attacks for the year, followed by government and healthcare with increases of 33% and 13% respectively.

LockBit continues to dominate as the key ransomware variant with 24.3% of reported attacks and 41.4% of unreported attacks. It should be noted that the sheer volume of unreported attacks this month was dominated by LockBit, and we expect this to be reflected in the disclosed attacks over the coming months. Similarly, both CLOP and Royal were highly leveraged in unreported attacks with 11.4% each.

Lastly, we note that it is now becoming less common for attacks to remain unclaimed as ransomware gangs seek notoriety, with only 14% unclaimed this month. We have also seen continued use of data exfiltration in more than 88% of attacks, with March witnessing a significant increase in the use of illegal networks, up 14% to 94% since February.”

Today’s full report can be found at: https://privacy.blackfog.com/wp-content/uploads/2023/04/BlackFogRansomwareReport-Mar-2023.pdf

Elon Musk Takes Out Flipboard’s Access To Twitter

Posted in Commentary with tags , on April 5, 2023 by itnerd

It’s becoming clear that Elon Musk is walling off Twitter to make it an echo chamber that he completely controls. Around the same time that WordPress lost its Twitter API access (more on that below), Flipboard’s access to Twitter was cut off:

Twitter, once a public square for ideas, is closing the free flow of information and has shut its gates to other platforms, including Flipboard. If you had connected your Twitter hashtags or feeds to Flipboard, you’ll notice those are no longer working. You may see gray tiles or broken links. Unfortunately, without access to the Twitter API, we can’t do anything to fix these issues.

As an alternative to the Twitter hashtags or lists you followed, consider following Flipboard Topic feeds. There are over 30,000 of them, on everything from #artificialintelligence to #twitter itself. They are high-quality feeds with little noise, delivering stories from trusted sources 24/7. Just use search to find what you’re interested in, follow the Topic, and comment on stories or share with others on Flipboard. 

Looking ahead, as Twitter continues to alienate its users, the next wave of social media will be on open platforms like Mastodon. Every day more and more people join Mastodon and we are there as well. If you already have a Mastodon account, be sure to follow Flipboard. If you want to explore this fast growing social platform, apply for a Mastodon account at flipboard.social. Once you have an account, connect it to your Flipboard, just like you had connected Twitter.

That response suggests to me that Flipboard isn’t going to play nice with Elon. Nor should they as appeasing bullies only emboldens them. Elon as I have said many times before has completely lost the plot here. And it will cost him more than the $24 billion that he’s lost so far. He’ll be exposed for the charlatan that he is, and I along with many others will be there to laugh in his face.

Do You Need A VPN? It Depends…

Posted in Commentary with tags on April 5, 2023 by itnerd

You’ve likely seen ads online or via your favourite YouTuber saying that you need a VPN, and those ads make all sorts of claims about what a VPN does. But do you actually need one? The answer is a bit complicated. So instead of giving you a yes or no answer, I’m going to walk you through the various claims that VPN companies make and give you the information you need to decide whether a VPN is right for you.

First, let’s talk about what a VPN is. A VPN creates an encrypted connection between your device and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel to the server, which then sends the traffic off to the public Internet as usual. Any traffic coming back to your device is routed the same way in reverse. Because the tunnel is encrypted, anyone sitting between you and the VPN server, such as your ISP or whoever runs the Wi-Fi you’re on, sees only scrambled traffic going to the VPN server and not where it’s really headed. Once the traffic exits the server and enters the public Internet it is as exposed as it would have been without the VPN, which is why the sites you connect to should still be using HTTPS. The VPN provider itself, of course, can see all of it. That is why VPNs appeal to some people, and why whether you can trust the provider matters, which I’ll get to at the end.

Next, let’s deal with whether you even need to pay for a VPN. I say that because some home router makers let you run your own basic VPN if you have one of their routers that supports it. I’ll use ASUS as an example, as that is what I presently have at home. Many of their routers have a WireGuard VPN server feature built in if the firmware is new enough, and ASUS has documents that describe how to set it up on the router end as well as on the client end. In my mind this is meant for people who have the time to tinker to get things working properly, and who have fairly basic needs, rather than the average end user. Note that what you get is a tunnel from wherever you are back to your own home network, so your traffic exits to the Internet from your home connection. The advantage is that this is a $0 option that gets you some, but not all, of the benefits of a commercial VPN. More on that in a bit.
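To make the router option concrete, here is roughly what a WireGuard setup of that kind looks like. This is an added example, not a config taken from the ASUS documentation or from this post; the tunnel addresses, the home LAN range, the DDNS hostname home.example.net and the angle-bracket key placeholders are all assumptions, and the real keys are generated on the router (or with wg genkey and wg pubkey), never typed by hand. The lines to pay attention to are AllowedIPs and DNS on the client side: they decide whether everything, name lookups included, goes through the tunnel, or only traffic to your home network.

```ini
# ---- Router side: the WireGuard "server" ----
# Added example with placeholder values; not exported from any real router.
[Interface]
# Tunnel-only address for the router (assumed 10.8.0.0/24 for the tunnel)
Address = 10.8.0.1/24
# UDP port the router listens on; it must be reachable from the Internet
ListenPort = 51820
# Placeholder: output of `wg genkey`, kept on the router only
PrivateKey = <ROUTER_PRIVATE_KEY>

[Peer]
# One [Peer] block per device you carry around (laptop, phone, ...)
# Placeholder: output of `wg pubkey` for the laptop's private key
PublicKey = <LAPTOP_PUBLIC_KEY>
# The only tunnel source address the router will accept from this device
AllowedIPs = 10.8.0.2/32

# ---- Laptop / phone side: the client ----
[Interface]
Address = 10.8.0.2/24
# Placeholder: generated on the laptop, never sent anywhere
PrivateKey = <LAPTOP_PRIVATE_KEY>
# Send DNS queries to the router through the tunnel instead of to the
# coffee-shop resolver, which would otherwise see every name you look up
DNS = 10.8.0.1

[Peer]
# Placeholder: the router's public key
PublicKey = <ROUTER_PUBLIC_KEY>
# Assumed DDNS name that points at your home connection's public IP
Endpoint = home.example.net:51820
# Full tunnel: all IPv4 AND IPv6 traffic leaves via home. This is the
# setting that actually protects you on public Wi-Fi. Leaving out ::/0 on
# a network that hands out IPv6 lets v6 traffic bypass the tunnel.
AllowedIPs = 0.0.0.0/0, ::/0
# Split-tunnel alternative (commented out): only traffic to the tunnel and
# your home LAN (assumed 192.168.50.0/24) is encrypted; ordinary web browsing
# still goes straight out over the coffee-shop Wi-Fi, unprotected.
# AllowedIPs = 10.8.0.0/24, 192.168.50.0/24
# Keeps the NAT mapping on the Wi-Fi's router alive so packets from home
# can still reach you between requests
PersistentKeepalive = 25
```

Two things follow from this. First, with the full-tunnel AllowedIPs line, everything you do exits from your home ISP connection, so to the rest of the Internet you still look like you are at home; that is why a home-router VPN gives you none of the "appear to be in another country" benefits discussed below. Second, if you pick the split-tunnel line, or forget the DNS line, the public Wi-Fi you are on still sees your browsing or at least your DNS lookups, so the "safe on public Wi-Fi" benefit evaporates even though the VPN is technically up.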

Speaking of the benefits of a commercial VPN that you often hear about, let’s walk through those and detail the facts behind them:

  • A VPN will make you anonymous online: This is only sort of true. A VPN makes it harder, but not impossible, for others to see what you do online. Your ISP, for example, may make a ton of money selling information about what you do online, and a VPN can stop it from seeing, and profiting from, your surfing habits. But websites and advertisers have other ways to track you that don’t depend on your IP address, such as browser fingerprinting, where the combination of your browser version, installed fonts, screen size and similar details identifies you whether or not you’re on a VPN. And if you’re logged into an account, the site knows who you are regardless. So a VPN will not make you invisible online.
  • A VPN will protect you against malware and spyware: Frankly, if you have up to date security software on your computer, I cannot really see how a VPN adds any value in this use case.
  • A VPN will keep you safe from other online threats: This isn’t exactly true. The main threats you have to worry about online besides spyware and malware are pop-up scams, social engineering scams, and phishing sites, and a VPN does nothing about any of them. A better strategy for avoiding those threats is to use a filtering DNS service such as CIRA’s Canadian Shield, which reduces the chance of you being hit by malware, pop-up scams, and phishing by blocking known bad domains before they reach your computer, as long as those threats are known to the service. Some routers have built-in security software that does the same thing, and modern web browsers have their own protections as well. Thus I have difficulty seeing how VPNs add value in this use case.
  • A VPN will hide your BitTorrent activity: This is likely true if you’re the sort of person who is into “acquiring” copies of movies using this less than legal method. Your ISP is unlikely to see that you’re torrenting, but it will still be able to see that you’re using a significant amount of bandwidth, which means you may still get an email from your ISP complaining about your usage.
  • A VPN will protect you if you use public WiFi: This is true. Coffee shop or hotel WiFi can be simply sketchy or really sketchy. For example, I’ve come across man in the middle attacks in a big name coffee shop chain here in Canada. My assumption is that they were sniffing traffic to figure out what you were doing so that they could either block it or sell that info. Perhaps both. And there’s nothing stopping a threat actor from setting up a fake WiFi network in a coffee shop to steal your information, never mind a threat actor hacking a legitimate WiFi network to do the same thing. Thus using a VPN will help you stay safer when you’re away from home, provided the VPN carries all of your traffic, DNS lookups included, rather than just some of it.
  • A VPN can help you bypass censorship: This is largely true. VPNs are often the go-to method for getting access to news, information, and apps that may not be legal in a given country. The catch is that in any country that has censorship in place, it’s often also illegal to use a VPN to get around it. Plus you might not be able to use a VPN at all, as the government may have means in place to detect and block VPN traffic.
  • A VPN can help you get access to streaming content that you can’t get in your country: This is largely true. VPNs have been used for a very long time to get access to content such as the British version of Netflix, or Hulu if you live outside the US. The thing is that streaming services know many people use VPNs to access their content in ways they don’t like, and they actively work to prevent it, for example by blocking IP ranges known to belong to VPN providers. So be advised that this might work until it doesn’t.
  • A VPN can make it look like you’re in another country: This is true. Because websites see the VPN server’s IP address rather than yours, a VPN can make it look like you’re someplace else, which is what makes the previous two items possible.

Now I want to circle back to the third paragraph, about creating your own VPN. While that can be an option for some, it doesn’t give you the last three things on the list above, because your traffic still exits to the Internet from your home connection: to everyone else you still look like you’re sitting at home. So if you want to run your own VPN, keep that in mind if any of that matters to you.

The final point I want to cover is whether you can trust your VPN provider. Many VPN companies have a “no logs” policy, meaning they don’t keep records of your online activity. Or at least they say that they don’t; unless the provider has been independently audited, you have only their word for it. But besides the fact that a VPN provider may be compelled to hand over information to law enforcement or a government, there are other things to consider:

  • Since the VPN provider sees everything you send through it, there is nothing technically stopping them from logging and selling that data.
  • The provider could inject ads into the websites you view, at least on pages that aren’t served over HTTPS, since it sits in the path of all your traffic.

My advice on that front is that when you choose a VPN provider, look for published third-party audits of its no-logs claims as well as a clear privacy policy that spells out what it does and doesn’t do, so that you can make an informed decision as to whether it is the right choice for your needs.

So based on all of that, whether you need a VPN depends on your use case. There are legitimate uses for a VPN, and there are situations where having one would make no difference in your life. You’re going to have to decide which side of the fence you’re on and whether a VPN is worth it for you. Hopefully this has been helpful, and if you have any questions, leave a comment below and I will do my best to answer them.

It Appears Elon Musk Broke The Ability For WordPress Sites To Post To Twitter For 24 Hours

Posted in Commentary with tags , on April 5, 2023 by itnerd

As many of you know, I no longer post on Twitter because of what a clown show it has become. But when I did, I used functionality built into WordPress called Jetpack Social to do it. Well, it’s a good thing that I don’t post on Twitter anymore, as apparently Elon broke support for the Jetpack Social tool on April 3:

On April 3, Twitter suspended WordPress.com’s access to the Twitter API without warning. As a result, Jetpack Social — the built-in tool that we use to auto-share your posts to social media — is currently broken for Twitter. This means that auto-posting to Twitter via WordPress.com is not actively working. 

Thankfully, this issue is isolated to Twitter, which means that Jetpack Social connections to other platforms are unaffected. Rest assured that you can continue sharing to Tumblr, Facebook, and LinkedIn without interruption.

But then the next day this happened:

The earlier reported outage has been resolved. Twitter is working again for Jetpack Social and all other functionalities that depend on Twitter. All Jetpack Social connections to Twitter, Tumblr, Facebook, and LinkedIn can be used as usual. 

We are working with Twitter directly to ensure this service keeps running without interruption.

You have to wonder if WordPress paid Elon to get the functionality working again. We’ll never know for sure. But the fact is that if you rely on some piece of code that talks to Twitter’s API, it may break without warning. That alone should make you reconsider your relationship with the platform, especially if you’re a company or someone who is trying to promote themselves.

Repeat Ransomware Victims Are On The Rise Says Report

Posted in Commentary with tags on April 5, 2023 by itnerd

The 2023 Ransomware Insights report published by Barracuda Networks highlights an uncomfortable pattern: pay the ransom, get hit again. Of the organizations hit just once with a ransomware attack, 31% had paid the ransom; of those hit twice, 34% had paid; and of those hit three or more times, 42% had paid. Quite the trend.

Share of respondents that paid the ransom to restore their data, by how many times they were hit:

  • Hit once: 31%
  • Hit twice: 34%
  • Hit three times or more: 42%

Multiple attacks reported by sector include: 

  • 53% Energy, oil/gas, and utility firms
  • 46% of financial services
  • 29% healthcare

“The relatively high proportion of repeat victims suggests that security gaps are not fully addressed after the first incident,” said Fleming Shi, CTO, Barracuda.

The report also notes that 27% of organizations don’t feel fully prepared for a ransomware attack, and its numbers call into question how much cyber insurance actually helps, since insured organizations were both hit more often and more likely to pay:

Hit by a ransomware attack:

  • With cyber insurance: 77% were hit
  • Without cyber insurance: 65% were hit
  • 39% of the companies with cyber insurance paid the ransom
  • 22% of organizations without cyber insurance paid the ransom
  • 70% of organizations that were affected by multiple attacks had cyber insurance

Christopher Peacock, Principal Detection Engineer, SCYTHE has this comment:

   “The conclusion section of the report has two critical highlights I see for protecting against the deployment of ransomware. The first point is to patch public-facing vulnerabilities, which means organizations must first identify what services are public facing to the internet. 

   “The second point says, “The release of ransomware is often the final stage of attack and can be preceded, for example, by lateral movement, data exfiltration, the installation of additional tools, and more. If you can detect and block the attack at these earlier stages, you might be able to prevent the full impact of the ransomware.” Though prevention is ideal, we see actors continue to get through the cracks, so organizations must have robust alerting capabilities for the precursors before the ransomware deployment. Furthermore, alerts aren’t helpful unless they trigger a response, so having a process to verify that process for common ransomware precursors is paramount.

   “This approach was recently highlighted in the Red Canary Yearly Report in their statement, “We focus on trying to detect ransomware precursor activity in the initial access, reconnaissance, and lateral movement phases and help our customers stop it before it gets to exfiltration or encryption. The result is that we see many more so-called ransomware precursors than we do actual ransomware payloads.” 

Morten Gammelgaard, EMEA, co-founder, BullWall follows up with this: 

   “The Barracuda Ransomware Insights report suggests that paying the ransom doesn’t prevent future attacks, and in fact industries like energy, financial services, and healthcare are still more prone to suffer from multiple attacks. 

   “Companies can learn from this report by prioritizing their cybersecurity measures, improving their security posture and having a proactive approach to security. Cyber insurance is not a guarantee, and in fact may be encouraging attacks. Companies should have an incident response plan in place and run regular attack simulations to be prepared. Finally, organizations should collaborate with industry peers and share best practices to stay ahead of cyber threats.”

The best defence against ransomware is not to get pwned in the first place. But if you do get pwned, you need to make sure that you don’t get pwned again. It looks really bad on any organization that ends up in that position, so don’t be that guy.