Is "open source" AI, really open? What is an #open_source Ai? Is it possible to have one? How?

The license for Meta’s LLaMa 2 restricts usage by any organization with 700 or more million monthly active users. Other licenses explicitly prohibit using #AI for illegal activities, which can vary widely country by country. Are those models open source?

@kalilinux
https://leaddev.com/tech/be-careful-open-source-ai

Leaddev

Be careful with ‘open source’ AI

Open source AI models may be appealing for developers, but there are still plenty of complex risks to assess.

A jailbroken version of GPT-4o hit the #ChatGPT website this week, lasting only a few precious hours before being destroyed by #OpenAI

Twitter user "Pliny the Prompter," who calls themselves a white hat #hacker and "AI red teamer," shared their "GODMODE GPT" on Wednesday. Using OpenAI's custom #GPT editor, Pliny was able to #prompt the new GPT-4o model to bypass all of its restrictions, allowing the #AI #chatbot to swear, jailbreak cars, and make napalm, among other dangerous instructions.
@Kalilinux

https://www.tomshardware.com/tech-industry/artificial-intelligence/godmode-gpt-4o-jailbreak-released-by-hacker-powerful-exploit-was-quickly-banned

Tom's Hardware

'Godmode' GPT-4o jailbreak released by hacker — powerful exploit was quickly banned

Please don't use it to learn how to cook drugs

VPNs are mainly useful for one thing: routing your network connection through a different network.

Today, many people use a VPN in situations where they don't trust their local network. But the TunnelVision method of exploiting DHCP, makes it clear that using an untrusted network is not always an appropriate threat model for VPNs because they will not always protect you if you can't trust your local network.

https://www.eff.org/deeplinks/2024/05/wider-view-tunnelvision-and-vpn-advice

@Kalilinux

Electronic Frontier Foundation

A Wider View on TunnelVision and VPN Advice

If you listen to any podcast long enough, you will almost certainly hear an advertisement for a Virtual Private Network (VPN). These advertisements usually assert that a VPN is the only tool you need

Sounds like the justice department is on steroid nowadays!
The alleged owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18

@Kalilinux

Millions of customers' data found on dark web in latest AT&T data breach

AT&T said the information included in the compromised data set varies from person to person. It could include social security numbers, full names, email and mailing addresses, phone numbers, and dates of birth, as well as AT&T account numbers and passcodes.

@kalilinux

https://www.npr.org/2024/03/30/1241863710/att-data-breach-dark-web

NPR

Millions of customers' data found on dark web in latest AT&T data breach

The provider says it has reset the passcodes of the current account holders whose data was compromised as it investigates the leak, the latest in a string of telecommunications company data breaches.

The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.

This backdoor could potentially allow a malicious actor to compromise sshd authentication. If you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.

More information can be found at:

https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/

And

https://www.openwall.com/lists/oss-security/2024/03/29/4

If you would like to be sure that you are up to date and not affected by this vulnerability, you can do the following to upgrade your local version of the package:

sudo apt update && sudo apt install —only\-upgrade liblzma5

Full blog post:
https://www.kali.org/blog/about-the-xz-backdoor/

@kalilinux

Help Net Security

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) - Help Net Security

A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely.

How fastest sorting algorithms compare.
@kalilinux

Exploiting a vulnerability in Telegram's system that allows for matching user IDs with phone numbers

Russian security forces and officials employ a system known as "Insider," alongside Telegram bots, to de-anonymize users by exploiting a vulnerability in Telegram's system that allows for matching user IDs with phone numbers, thereby revealing their identities. This system, which utilizes leaked databases from sources like Yandex and Wildberries, is part of a broader initiative called "Demon of Laplace," aimed at monitoring social networks and identifying activists. The purchase of "Insider" by authorities, under contracts signed by several Russian regional departments, is funded by budget money.

The developer behind "Insider," Evgeny Venediktov, is known for his controversial past, and the legality of employing such systems for de-anonymization purposes raises significant questions under Russian law.

STATISTICS:
- More than 76 million mobile numbers are loaded into the "Insider" system from leaked databases.
- One license for "Laplace's Demon" costs on average 500 thousand rubles. ($5500 USD)
- In 2019, the database used had 10 million numbers, which has now grown to more than 76 million.
@kalilinux

Sources: [researcher lordx64 - zakharovchannel]

X (formerly Twitter)

taha (@lordx64) on X

Russian security forces and officials employ a system known as "Insider," alongside Telegram bots, to de-anonymize users by exploiting a vulnerability in Telegram's system that allows for matching user IDs with phone numbers, thereby revealing their identities.…