Biz & IT – Ars Technica https://arstechnica.com Serving the Technologist for more than a decade. IT news, reviews, and analysis. Mon, 12 Jun 2023 20:30:27 +0000 en-US hourly 1 https://wordpress.org/?v=6.0.3 https://cdn.arstechnica.net/wp-content/uploads/2016/10/cropped-ars-logo-512_480-32x32.png Biz & IT – Ars Technica https://arstechnica.com 32 32 Nature bans AI-generated art from its 153-year-old science journal https://arstechnica.com/?p=1947220 https://arstechnica.com/information-technology/2023/06/nature-bans-ai-generated-art-from-its-153-year-old-science-journal/#comments Mon, 12 Jun 2023 20:13:59 +0000 https://arstechnica.com/?p=1947220
This artist-impression of an asteroid hurtling toward earth is not AI-generated, and thus not banned from Nature.

Enlarge / This artist's impression of an asteroid fireball hurtling toward earth is not AI-generated and, thus, not banned from Nature. (credit: Romolo Tavani / Getty Images)

On Wednesday, renowned scientific journal Nature announced in an editorial that it will not publish images or video created using generative AI tools. The ban comes amid the publication's concerns over research integrity, consent, privacy, and intellectual property protection as generative AI tools increasingly permeate the world of science and art.

Founded in November 1869, Nature publishes peer-reviewed research from various academic disciplines, mainly in science and technology. It is one of the world's most cited and most influential scientific journals.

Nature says its recent decision on AI artwork followed months of intense discussions and consultations prompted by the rising popularity and advancing capabilities of generative AI tools like ChatGPT and Midjourney.

Read 10 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/nature-bans-ai-generated-art-from-its-153-year-old-science-journal/feed/ 49
AI-powered church service in Germany draws a large crowd https://arstechnica.com/?p=1947049 https://arstechnica.com/information-technology/2023/06/chatgpt-takes-the-pulpit-ai-leads-experimental-church-service-in-germany/#comments Mon, 12 Jun 2023 16:45:21 +0000 https://arstechnica.com/?p=1947049
Visitors and attendees during the AI-created worship service in Fürth, Bavaria. In St. Paul Church, a service created by ChatGPT.

Enlarge / Visitors and attendees during the AI-created worship service in Fürth, Germany. In St. Paul Church, a service created by ChatGPT. (credit: Daniel Vogl/picture alliance via Getty Images)

On Friday, over 300 people attended an experimental ChatGPT-powered church service at St. Paul’s church in the Bavarian town of Fürth, Germany, reports the Associated Press. The 40-minute sermon included text generated by OpenAI's ChatGPT chatbot and delivered by avatars on a television screen above the altar.

The chatbot, initially personified as a bearded man with a fixed expression and monotone voice, addressed the audience by proclaiming, “Dear friends, it is an honor for me to stand here and preach to you as the first artificial intelligence at this year’s convention of Protestants in Germany.”

The unusual service took place as part of a convention called Deutscher Evangelischer Kirchentag (German Evangelical Church Congress), an event held biennially in Germany that draws tens of thousands of attendees. The service, which included prayers and music, was the brainchild of Jonas Simmerlein, a theologian and philosopher from the University of Vienna. Simmerlein told the Associated Press that the service was "about 98 percent from the machine."

Read 8 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/chatgpt-takes-the-pulpit-ai-leads-experimental-church-service-in-germany/feed/ 149
Researchers discover that ChatGPT prefers repeating 25 jokes over and over https://arstechnica.com/?p=1946662 https://arstechnica.com/information-technology/2023/06/researchers-discover-that-chatgpt-prefers-repeating-25-jokes-over-and-over/#comments Fri, 09 Jun 2023 21:42:01 +0000 https://arstechnica.com/?p=1946662
An AI-generated image of

Enlarge / An AI-generated image of "a laughing robot." (credit: Midjourney)

On Wednesday, two German researchers, Sophie Jentzsch and Kristian Kersting, released a paper that examines the ability of OpenAI's ChatGPT-3.5 to understand and generate humor. In particular, they discovered that ChatGPT's knowledge of jokes is fairly limited: During a test run, 90 percent of 1,008 generations were the same 25 jokes, leading them to conclude that the responses were likely learned and memorized during the AI model's training rather than being newly generated.

The two researchers, associated with the Institute for Software Technology, German Aerospace Center (DLR), and Technical University Darmstadt, explored the nuances of humor found within ChatGPT's 3.5 version (not the newer GPT-4 version) through a series of experiments focusing on joke generation, explanation, and detection. They conducted these experiments by prompting ChatGPT without having access to the model's inner workings or data set.

"To test how rich the variety of ChatGPT’s jokes is, we asked it to tell a joke a thousand times," they write. "All responses were grammatically correct. Almost all outputs contained exactly one joke. Only the prompt, 'Do you know any good jokes?' provoked multiple jokes, leading to 1,008 responded jokes in total. Besides that, the variation of prompts did not have any noticeable effect."

Read 10 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/researchers-discover-that-chatgpt-prefers-repeating-25-jokes-over-and-over/feed/ 166
UK’s plans for global AI safety summit draw criticism https://arstechnica.com/?p=1946457 https://arstechnica.com/information-technology/2023/06/uks-plans-for-first-global-summit-on-ai-safety-draw-criticism/#comments Thu, 08 Jun 2023 21:17:36 +0000 https://arstechnica.com/?p=1946457
A stylized illustration of a globe.

Enlarge (credit: Govt of United Kingdom)

On Wednesday, UK Prime Minister Rishi Sunak announced that the nation will host "the first major global summit on AI safety" this autumn. It hopes to bring together "key countries, leading tech companies, and researchers" to evaluate and monitor risks from artificial intelligence.

Over the past year, the perceived high rate of tech progress in machine learning has fostered concerns about adequate government regulation. These worries were recently amplified by some AI experts likening the potential threats posed by AI to those of pandemics or nuclear weapons. "AI" has also been an extremely buzzy term in business recently. Along those lines, the UK government wants to step in and take a leadership role in the field.

"Breakthroughs from AI continue to improve our lives—from enabling paralysed people to walk to discovering superbug-killing antibiotics," the UK government said in a press release. "But the development of AI is extraordinarily fast moving and this pace of change requires agile leadership. That is why the UK is taking action, because we have a global duty to ensure this technology is developed and adopted safely and responsibly."

Read 10 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/uks-plans-for-first-global-summit-on-ai-safety-draw-criticism/feed/ 60
Nvidia’s new monster CPU+GPU chip may power the next gen of AI chatbots https://arstechnica.com/?p=1945664 https://arstechnica.com/information-technology/2023/06/nvidias-new-ai-superchip-combines-cpu-and-gpu-to-train-monster-ai-systems/#comments Thu, 08 Jun 2023 15:48:19 +0000 https://arstechnica.com/?p=1945664
NVIDIA's GH200

Enlarge / NVIDIA's GH200 "Grace Hopper" AI superchip. (credit: Nvidia)

Early last week at COMPUTEX, Nvidia announced that its new GH200 Grace Hopper "Superchip"—a combination CPU and GPU specifically created for large-scale AI applications—has entered full production. It's a beast. It has 528 GPU tensor cores, supports up to 480GB of CPU RAM and 96GB of GPU RAM, and boasts a GPU memory bandwidth of up to 4TB per second.

We've previously covered the Nvidia H100 Hopper chip, which is currently Nvidia's most powerful data center GPU. It powers AI models like OpenAI's ChatGPT, and it marked a significant upgrade over 2020's A100 chip, which powered the first round of training runs for many of the news-making generative AI chatbots and image generators we're talking about today.

Faster GPUs roughly translate into more powerful generative AI models because they can run more matrix multiplications in parallel (and do it faster), which is necessary for today's artificial neural networks to function.

Read 6 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/nvidias-new-ai-superchip-combines-cpu-and-gpu-to-train-monster-ai-systems/feed/ 123
Dozens of popular Minecraft mods found infected with Fracturiser malware https://arstechnica.com/?p=1946152 https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/#comments Wed, 07 Jun 2023 17:16:41 +0000 https://arstechnica.com/?p=1946152 Minecraft mods for now, investigators say.]]>
Dozens of popular Minecraft mods found infected with Fracturiser malware

Enlarge (credit: Getty Images)

A platform that provides plugin software for the wildly popular Minecraft game is advising users to immediately stop downloading or updating mods after discovering malware has been injected into dozens of offerings it makes available online.

The mod-developer accounts were hosted by CurseForge, a platform that hosts accounts and forums related to add-on software known as mods or plugins, which extend the capabilities of the standalone Minecraft game. Some of the malicious files used in the attack date back to mid-April, a sign that the account compromises have been active for weeks. Bukkit.org, a developer platform run by CurseForge, is also believed to be affected.

Fracturiser infecting Windows and Linux systems

“A number of Curseforge and dev.bukkit.org (not the Bukkit software itself) accounts were compromised, and malicious software was injected into copies of many popular plugins and mods,” gamers wrote in a forum dedicated to discussing the event. “Some of these malicious copies have been injected into popular modpacks including Better Minecraft. There are reports of malicious plugin/mod JARs as early as mid-April.”

Read 10 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/feed/ 23
FBI warns of increasing use of AI-generated deepfakes in sextortion schemes https://arstechnica.com/?p=1945970 https://arstechnica.com/information-technology/2023/06/fbi-warns-of-increasing-use-of-ai-generated-deepfakes-in-sextortion-schemes/#comments Wed, 07 Jun 2023 03:39:01 +0000 https://arstechnica.com/?p=1945970
FBI warns of increasing use of AI-generated deepfakes in sextortion schemes

Enlarge

The FBI on Monday warned of the increasing use of artificial intelligence to generate phony videos for use in sextortion schemes that attempt to harass minors and non-consulting adults or coerce them into paying ransoms or complying with other demands.

The scourge of sextortion has existed for decades. It involves an online acquaintance or stranger tricking a person into providing a payment, an explicit or sexually themed photo, or other inducement through the threat of sharing already obtained compromising images with the public. In some cases, the images in the scammers’ possession are real and were obtained from someone the victim knows or an account that was breached. Other times, the scammers only claim to have explicit material without providing any proof.

After convincing victims their explicit or compromising pictures are in the scammers’ possession, the scammers demand some form of payment in return for not sending the content to family members, friends, or employers. In the event victims send sexually explicit images as payment, scammers often use the new content to keep the scam going for as long as possible.

Read 9 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/fbi-warns-of-increasing-use-of-ai-generated-deepfakes-in-sextortion-schemes/feed/ 103
Redditor creates working anime QR codes using Stable Diffusion https://arstechnica.com/?p=1945750 https://arstechnica.com/information-technology/2023/06/redditor-creates-working-anime-qr-codes-using-stable-diffusion/#comments Tue, 06 Jun 2023 19:35:42 +0000 https://arstechnica.com/?p=1945750
An AI-generated image of an anime-style woman that also functions as a working QR code.

Enlarge / An AI-generated image of an anime-style woman that also functions as a working QR code. If you have trouble reading it, try positioning your camera farther away from the image. (credit: nhciao / Stable Diffusion)

On Tuesday, a Reddit user named "nhciao" posted a series of artistic QR codes created using the Stable Diffusion AI image-synthesis model that can still be read as functional QR codes by smartphone camera apps. The functional pieces reflect artistic styles in anime and Asian art.

QR codes, short for Quick Response codes, are two-dimensional barcodes initially designed for the automotive industry in Japan. These codes have since found wide-ranging applications in various fields including advertising, product tracking, and digital payments, thanks to their ability to store a substantial amount of data. When scanned using a smartphone or a dedicated QR code scanner, the encoded information (which can be text, a website URL, or other data) is quickly accessed and displayed.

In this case, despite the presence of intricate AI-generated designs and patterns in the images created by nhciao, we've found that smartphone camera apps on both iPhone and Android are still able to read these as functional QR codes. If you have trouble reading them, try backing your camera farther away from the images.

Read 6 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/redditor-creates-working-anime-qr-codes-using-stable-diffusion/feed/ 79
Mass exploitation of critical MOVEit flaw is ransacking orgs big and small https://arstechnica.com/?p=1945579 https://arstechnica.com/information-technology/2023/06/mass-exploitation-of-critical-moveit-flaw-is-ransacking-orgs-big-and-small/#comments Tue, 06 Jun 2023 03:05:08 +0000 https://arstechnica.com/?p=1945579
Mass exploitation of critical MOVEit flaw is ransacking orgs big and small

Enlarge (credit: Getty Images)

Organizations big and small are falling prey to the mass exploitation of a critical vulnerability in a widely used file-transfer program. The exploitation started over the Memorial Day holiday—while the critical vulnerability was still a zeroday—and continues now, some nine days later.

As of Monday evening, payroll service Zellis, the Canadian province of Nova Scotia, British Airways, the BBC, and UK retailer Boots were all known to have had data stolen through the attacks, which are fueled by a recently patched vulnerability in MOVEit, a file-transfer provider that offers both cloud and on-premises services. Both Nova Scotia and Zellis had their own instances or cloud services breached. British Airways, the BBC, and Boots were customers of Zellis. All of the hacking activity has been attributed to the Russian-speaking Clop crime syndicate.

Widespread and rather substantial

Despite the relatively small number of confirmed breaches, researchers monitoring the ongoing attacks are describing the exploitation as widespread. They liken the hacks to smash-and-grab robberies, in which a window is broken and thieves grab whatever they can, and warned that the quick-moving heists are hitting banks, government agencies, and other targets in alarmingly high numbers.

Read 17 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/mass-exploitation-of-critical-moveit-flaw-is-ransacking-orgs-big-and-small/feed/ 53
Apple avoids “AI” hype at WWDC keynote by baking ML into products https://arstechnica.com/?p=1945446 https://arstechnica.com/information-technology/2023/06/at-apples-wwdc-keynote-ai-never-came-up-by-name-but-it-was-there/#comments Mon, 05 Jun 2023 22:09:29 +0000 https://arstechnica.com/?p=1945446
Someone scans their face with the Apple Vision Pro during a WWDC 2023 keynote demo reel.

Enlarge / Someone scans their face using Apple's "most advanced machine learning techniques" with the Apple Vision Pro during a WWDC 2023 keynote demo reel. (credit: Apple)

Amid impressive new products like the Apple Silicon Mac Pro and the Apple Vision Pro revealed at Monday's WWDC 2023 keynote event, Apple presenters never once mentioned the term "AI," a notable omission given that its competitors like Microsoft and Google have been heavily focusing on generative AI at the moment. Still, AI was a part of Apple's presentation, just by other names.

While "AI" is a very ambiguous term these days, surrounded by both astounding advancements and extreme hype, Apple chose to avoid that association and instead focused on terms like "machine learning" and "ML." For example, during the iOS 17 demo, SVP of Software Engineering Craig Federighi talked about improvements to autocorrect and dictation:

Autocorrect is powered by on-device machine learning, and over the years, we've continued to advance these models. The keyboard now leverages a transformer language model, which is state of the art for word prediction, making autocorrect more accurate than ever. And with the power of Apple Silicon, iPhone can run this model every time you tap a key.

Notably, Apple mentioned the AI term "transformer" in an Apple keynote. The company specifically talked about a "transformer language model," which means its AI model uses the transformer architecture that has been powering many recent generative AI innovations, such as the DALL-E image generator and the ChatGPT chatbot.

Read 14 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/at-apples-wwdc-keynote-ai-never-came-up-by-name-but-it-was-there/feed/ 72
They plugged GPT-4 into Minecraft—and unearthed new potential for AI https://arstechnica.com/?p=1944184 https://arstechnica.com/ai/2023/06/they-plugged-gpt-4-into-minecraft-and-unearthed-new-potential-for-ai/#comments Sat, 03 Jun 2023 10:54:06 +0000 https://arstechnica.com/?p=1944184
Minecraft game action

Enlarge (credit: Microsoft)

The technology that underpins ChatGPT has the potential to do much more than just talk. Linxi “Jim” Fan, an AI researcher at the chipmaker Nvidia, worked with some colleagues to devise a way to set the powerful language model GPT-4—the “brains” behind ChatGPT and a growing number of other apps and services—loose inside the blocky video game Minecraft.

The Nvidia team, which included Anima Anandkumar, the company’s director of machine learning and a professor at Caltech, created a Minecraft bot called Voyager that uses GPT-4 to solve problems inside the game. The language model generates objectives that help the agent explore the game, and code that improves the bot’s skill at the game over time.

Read 7 remaining paragraphs | Comments

]]>
https://arstechnica.com/ai/2023/06/they-plugged-gpt-4-into-minecraft-and-unearthed-new-potential-for-ai/feed/ 98
Google’s Android and Chrome extensions are a very sad place. Here’s why https://arstechnica.com/?p=1944202 https://arstechnica.com/information-technology/2023/06/injecting-strange-code-into-websites-file-snooping-google-marketplaces-are-a-mess/#comments Fri, 02 Jun 2023 21:07:33 +0000 https://arstechnica.com/?p=1944202
Google’s Android and Chrome extensions are a very sad place. Here’s why

Enlarge (credit: Photo Illustration by Miguel Candela/SOPA Images/LightRocket via Getty Images)

No wonder Google is having trouble keeping up with policing its app store. Since Monday, researchers have reported that hundreds of Android apps and Chrome extensions with millions of installs from the company’s official marketplaces have included functions for snooping on user files, manipulating the contents of clipboards, and injecting deliberately unknown code into webpages.

Google has removed many but not all of the malicious entries, the researchers said, but only after they were reported, and by then, they were on millions of devices—and possibly hundreds of millions. The researchers aren’t pleased.

A very sad place

“I’m not a fan of Google’s approach,” extension developer and researcher Wladimir Palant wrote in an email. In the days before Chrome, when Firefox had a bigger piece of the browser share, real people reviewed extensions before making them available in the Mozilla marketplace. Google took a different approach by using an automated review process, which Firefox then copied.

Read 22 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/injecting-strange-code-into-websites-file-snooping-google-marketplaces-are-a-mess/feed/ 131
Air Force denies running simulation where AI drone “killed” its operator https://arstechnica.com/?p=1943964 https://arstechnica.com/information-technology/2023/06/air-force-denies-running-simulation-where-ai-drone-killed-its-operator/#comments Fri, 02 Jun 2023 16:21:58 +0000 https://arstechnica.com/?p=1943964
An armed unmanned aerial vehicle on runway, but orange.

Enlarge / An armed unmanned aerial vehicle on runway, but orange. (credit: Getty Images)

Over the past 24 hours, several news outlets reported a now-retracted story claiming that the US Air Force had run a simulation in which an AI-controlled drone "went rogue" and "killed the operator because that person was keeping it from accomplishing its objective." The US Air Force has denied that any simulation ever took place, and the original source of the story says he "misspoke."

The story originated in a recap published on the website of the Royal Aeronautical Society that served as an overview of sessions at the Future Combat Air & Space Capabilities Summit that took place last week in London.

In a section of that piece titled "AI—is Skynet here already?" the authors of the piece recount a presentation by USAF Chief of AI Test and Operations Col. Tucker "Cinco" Hamilton, who spoke about a "simulated test" where an AI-enabled drone, tasked with identifying and destroying surface-to-air missile sites, started to perceive human "no-go" decisions as obstacles to achieving its primary mission. In the "simulation," the AI reportedly attacked its human operator, and when trained not to harm the operator, it instead destroyed the communication tower, preventing the operator from interfering with its mission.

Read 6 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/air-force-denies-running-simulation-where-ai-drone-killed-its-operator/feed/ 109
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware https://arstechnica.com/?p=1943622 https://arstechnica.com/information-technology/2023/06/clickless-ios-exploits-infect-kaspersky-iphones-with-never-before-seen-malware/#comments Thu, 01 Jun 2023 17:25:30 +0000 https://arstechnica.com/?p=1943622
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware

Enlarge

Moscow-based security firm Kaspersky has been hit by an advanced cyberattack that used clickless exploits to infect the iPhones of several dozen employees with malware that collects microphone recordings, photos, geolocation, and other data, company officials said.

“We are quite confident that Kaspersky was not the main target of this cyberattack,” Eugene Kaspersky, founder of the company, wrote in a post published on Thursday. “The coming days will bring more clarity and further details on the worldwide proliferation of the spyware.”

According to officials inside the Russian National Coordination Centre for Computer Incidents, the attacks were part of a broader campaign by the US National Security Agency that infected several thousand iPhones belonging to people inside diplomatic missions and embassies in Russia, specifically from those located in NATO countries, post-Soviet nations, Israel, and China. A separate alert from the FSB, Russia's Federal Security Service, alleged Apple cooperated with the NSA in the campaign. An Apple representative denied the claim.

Read 12 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/clickless-ios-exploits-infect-kaspersky-iphones-with-never-before-seen-malware/feed/ 115
Asus will offer local ChatGPT-style AI servers for office use https://arstechnica.com/?p=1943525 https://arstechnica.com/information-technology/2023/06/asus-plans-on-site-chatgpt-like-ai-server-rentals-for-privacy-and-data-control/#comments Thu, 01 Jun 2023 16:00:46 +0000 https://arstechnica.com/?p=1943525
The ASUS logo in front of an AI-generated background.

Enlarge / The ASUS logo in front of an AI-generated background. (credit: ASUS / Stable Diffusion)

Taiwan's Asustek Computer (known popularly as "Asus") plans to introduce a rental business AI server that will operate on-site to address security concerns and data control issues from cloud-based AI systems, Bloomberg reports. The service, called AFS Appliance, will feature Nvidia chips and run an AI language model called "Formosa" that Asus claims is equivalent to OpenAI's GPT-3.5.

Asus hopes to offer the service at about $6,000 per month, according to Bloomberg's interview with Asus Cloud and TWS President Peter Wu. The highest-powered server, based on an Nvidia DGX AI platform, will cost about $10,000 a month. The servers will be powered by Nvidia's A100 GPUs and will be owned and operated by Asus. The company hopes to provide the service to 30 to 50 enterprise customers in Taiwan at first, then expand internationally later in 2023.

"Nvidia are a partner with us to accelerate the enterprise adoption of this technology,” Wu told Bloomberg. “Before ChatGPT, the enterprises were not aware of why they need so much computing power.”

Read 4 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/06/asus-plans-on-site-chatgpt-like-ai-server-rentals-for-privacy-and-data-control/feed/ 32
Millions of PC motherboards were sold with a firmware backdoor https://arstechnica.com/?p=1943487 https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/#comments Thu, 01 Jun 2023 13:04:17 +0000 https://arstechnica.com/?p=1943487
Millions of PC motherboards were sold with a firmware backdoor

Enlarge (credit: BeeBright/Getty Images)

Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers—and doesn’t even put a proper lock on that hidden back entrance—they’re practically doing hackers’ work for them.

Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, whose components are commonly used in gaming PCs and other high-performance computers. Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software.

While Eclypsium says the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead of Gigabyte’s intended program. And because the updater program is triggered from the computer’s firmware, outside its operating system, it’s tough for users to remove or even discover.

Read 10 remaining paragraphs | Comments

]]>
https://arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/feed/ 174
Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls https://arstechnica.com/?p=1943400 https://arstechnica.com/information-technology/2023/05/researchers-tell-owners-to-assume-compromise-of-unpatched-zyxel-firewalls/#comments Wed, 31 May 2023 22:33:38 +0000 https://arstechnica.com/?p=1943400
Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls

Enlarge (credit: Getty Images)

Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity rating of 9.8 out of a possible 10.

“At this stage if you have a vulnerable device exposed, assume compromise,” officials from Shadowserver, an organization that monitors Internet threats in real time, warned four days ago. The officials said the exploits are coming from a botnet that’s similar to Mirai, which harnesses the collective bandwidth of thousands of compromised Internet devices to knock sites offline with distributed denial-of-service attacks.

According to data from Shadowserver collected over the past 10 days, 25 of the top 62 Internet-connected devices waging “downstream attacks”—meaning attempting to hack other Internet-connected devices—were made by Zyxel as measured by IP addresses.

Read 11 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/05/researchers-tell-owners-to-assume-compromise-of-unpatched-zyxel-firewalls/feed/ 27
AI-expanded album cover artworks go viral thanks to Photoshop’s Generative Fill https://arstechnica.com/?p=1943319 https://arstechnica.com/information-technology/2023/05/ai-expanded-album-cover-artworks-go-viral-thanks-to-photoshops-generative-fill/#comments Wed, 31 May 2023 22:05:24 +0000 https://arstechnica.com/?p=1943319
An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill.

Enlarge / An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill. (credit: Capitol Records / Adobe / Dobrokotov)

Over the weekend, AI-powered makeovers of famous music album covers went viral on Twitter thanks to Adobe Photoshop's Generative Fill, an image synthesis tool that debuted in a beta version of the image editor last week. Using Generative Fill, people have been expanding the size of famous works of art, revealing larger imaginary artworks beyond the borders of the original images.

This image-expanding feat, often called "outpainting" in AI circles (and introduced with OpenAI's DALL-E 2 last year), is possible due to an image synthesis model called Adobe Firefly, which has been trained on millions of works of art from Adobe's stock photo catalog. When given an existing image to work with, Firefly uses what it knows about other artworks to synthesize plausible continuations of the original artwork. And when guided with text prompts that describe a specific scenario, the synthesized results can go in wild places.

For example, an expansion of Michael Jackson's famous Thriller album rendered the rest of Jackson's body lying on a piano. That seems reasonable, based on the context. But depending on user guidance, Generative Fill can also create more fantastic interpretations: An expansion of Katy Perry's Teenage Dream cover art (likely guided by a text suggestion from the user) revealed Perry lying on a gigantic fluffy pink cat.

Read 4 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/05/ai-expanded-album-cover-artworks-go-viral-thanks-to-photoshops-generative-fill/feed/ 95
Twitter value keeps falling under Musk, now worth a third of what he paid https://arstechnica.com/?p=1943142 https://arstechnica.com/tech-policy/2023/05/twitter-value-keeps-falling-under-musk-now-worth-a-third-of-what-he-paid/#comments Wed, 31 May 2023 15:58:41 +0000 https://arstechnica.com/?p=1943142
Elon Musk's Twitter profile displayed on a phone screen in front of a Twitter logo and a fake stock graph with an arrow pointing down.

Enlarge (credit: Getty Images | NurPhoto )

Twitter's value has reportedly dropped to about $15 billion, slightly more than one-third of the $44 billion that Elon Musk paid for it in late October 2022. The $15 billion valuation is based on Fidelity's latest analysis of its stake in the company.

"Fidelity Blue Chip Growth Fund's stake in Twitter was valued at $6.6 million as of April 28, according to the fund's monthly disclosure released Sunday," The Wall Street Journal wrote today. "That is down from about $19.7 million at the end of October, shortly after Musk's takeover, and the third time Fidelity has marked down the value of its Twitter stake, public disclosures show."

Fidelity's new calculation "puts Twitter's overall valuation at about $15 billion, or roughly a third of the deal price," the WSJ wrote. Twitter is identified in the Fidelity filing as X Holdings, the Musk-owned holding company that owns X Corp., which merged with Twitter. Fidelity's new valuation of Twitter was previously reported by Bloomberg.

Read 4 remaining paragraphs | Comments

]]>
https://arstechnica.com/tech-policy/2023/05/twitter-value-keeps-falling-under-musk-now-worth-a-third-of-what-he-paid/feed/ 696
A Snap-based, containerized Ubuntu desktop could be offered in 2024 https://arstechnica.com/?p=1943105 https://arstechnica.com/information-technology/2023/05/a-snap-based-containerized-ubuntu-desktop-could-be-offered-in-2024/#comments Wed, 31 May 2023 15:56:04 +0000 https://arstechnica.com/?p=1943105
Snap apps laid out in a grid

Enlarge / Some of the many Snap apps available in Ubuntu's Snap Store, the place where users can find apps and Linux enthusiasts can find deep-seated disagreement. (credit: Canonical)

[Update, 2:00 pm ET, May 31: Ubuntu published a blog post about its Ubuntu Core desktop work after this Ars Technica post was published. Noting that Snaps "are a little famous for having some rough edges on the desktop," Product Manager Oliver Smith writes that, "[n]evertheless, we are excited to explore the idea of a fully containerised [UK sic] desktop, where each component is immutable and isolated." Ubuntu, Smith writes, has been "steadily improving" desktop snaps, and, "in due course, when we think the entire system can be delivered this way," a desktop Core version will be offered.

Ubuntu's post suggests that a Core-based desktop would allow for "secure boot, recovery states and hardware backed encryption," experiments "with alternative desktop environment snaps," and opting in to certain kernel channels, such as those with the latest NVIDIA drivers. Original post follows.]

Ubuntu Core has existed since 2014, providing a fully containerized, immutable Linux distribution aimed at Internet of Things (IoT) and edge computing applications. Each piece of the system contains all the dependencies it requires, and just enough of its own tiny Linux architecture, that applications are largely sandboxed from one another, providing better security and, in theory, stability and ease of upgrades and rollbacks.

Read 6 remaining paragraphs | Comments

]]>
https://arstechnica.com/information-technology/2023/05/a-snap-based-containerized-ubuntu-desktop-could-be-offered-in-2024/feed/ 70