Group items tagged

" 'Serious concerns' about DWP's use of AI to read correspondence from benefit claimants White mail system handles 'highly sensitive personal data' and people not told it is processing their information AI prototypes for UK welfare system dropped as officials lament 'false starts' Robert Booth UK technology editor Mon 27 Jan 2025 05.00 GMT Share When your mailbag brims with 25,000 letters and emails every day, deciding which to answer first is daunting. When lurking within are pleas for help from some of the country's most vulnerable people, the stakes only get higher. That is the challenge facing the Department for Work and Pensions (DWP) as correspondence floods in from benefit applicants and claimants - of which there are more than 20 million, including pensioners, in the UK. The DWP thinks it may have found a solution in using artificial intelligence to read it all first - including handwritten missives. Human reading used to take weeks and could leave the most vulnerable people waiting for too long for help. But "white mail" is an AI that can do the same work in a day and supposedly prioritise the most vulnerable cases for officials to get to first."

"As more governments turn to contact tracing apps to aid in their efforts to contain the coronavirus outbreak, cybersecurity experts are warning this may spark renewed interest in Bluetooth attacks. They urge developers to ensure such apps are regularly tested for vulnerabilities and release patches swiftly to plug potential holes, while governments should provide assurance that their databases are secure and the data collected will not be used for purposes other than as originally intended. "

"To thwart such hackers, Elon Musk's OpenAI and Pennsylvania State University released a new tool this week called "cleverhans," that lets artificial intelligence researchers test how vulnerable their AI is to adversarial examples, or purposefully malicious data meant to confuse the algorithms. Once the vulnerability has been found, a defense to the attack can automatically be applied."

"Security Analysis of Emerging Smart Home Applications demonstrates how Samsung's SmartThings platform may be especially vulnerable to hackers. "

"The first and most obvious explanation for older internet users' increased vulnerability to misinformation is the effect of aging on the brain. A huge body of research has demonstrated that the same factors that make older Americans susceptible to financial scams - lower impulse control, slower cognitive function, higher rates of social isolation - also make them vulnerable to misinformation. "

"The flaw, dubbed "Log4Shell", may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across the industry and the government. Unless it is fixed, it grants criminals, spies and programming novices alike, easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more."

"KataGo's world-class AI learned Go by playing millions of games against itself. But that still isn't enough experience to cover every possible scenario, which leaves room for vulnerabilities from unexpected behavior. "KataGo generalizes well to many novel strategies, but it does get weaker the further away it gets from the games it saw during training," says Gleave. "Our adversary has discovered one such 'off-distribution' strategy that KataGo is particularly vulnerable to, but there are likely many others.""

"Researcher Billy Rios (previously) has extended his work on vulnerabilities in hospital drug pumps, discovering a means by which their firmware can be remotely overwritten with new code that can result in lethal overdoses for patients. "

"And these machines' vulnerabilities to hacking are "terrifying", Sarah Teale, co-director along with Simon Ardizzone and Russell Michaels, told the Guardian. America's current election infrastructure is, as Kill Chain explains, a prescription for disaster - an outdated, willfully naive system no more prepared for attack than four years ago."

"Facebook will rely on users to report fake news despite evidence that suggests users have a difficult time assessing or identifying fake news. Teens seem to be especially vulnerable to fake news. A recent study by researchers at Stanford found that middle and high school students have a difficult time detecting fake news from real news, or detecting bias in tweets and Facebook statuses."

"Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of "ghost drivers" that can monitor the drivers around them-an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas over a three-day period."

"The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft's former Flash competitor Silverlight, which was discontinued in 2013. When the infected adverts hit users, they redirect the page to servers hosting the malware, which includes the widely-used (amongst cybercriminals) Angler exploit kit. That kit then attempts to find any back door it can into the target's computer, where it will install cryptolocker-style software, which encrypts the user's hard drive and demands payment in bitcoin for the keys to unlock it."

"A cryptocurrency is only as reliable as the technology that keeps it running, and Ethereum is learning this the hard way. An attacker has taken an estimated $60 million in Ethereum's digital money (Ether) by exploiting vulnerabilities in the Decentralized Autonomous Organization, an investment collective. The raider took advantage of a "recursive call" flaw in the DAO's code-based smart contracts, which administer the funds, to scoop up Ether many times in a single pass."

"User information, including passwords, email addresses, usernames and geolocation data, was unencrypted - making it readily accessible to anyone who plugs the handset into a PC, according to a report detailing the vulnerability."

"Some are disturbed by the strategy to go "digital by default". Andrew Miller, chair of the Commons science and technology committee, wrote to Cabinet Office minister Francis Maude with concerns that "as public services go online, the government may not keep up with advances in technology and that inadequacies in government software may lead to security vulnerabilities"."

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "

"Security researchers have discovered a vulnerability in the system software used in millions of computers, opening the possibility that attackers could execute arbitrary commands on web servers, other Linux-based machines and even Mac computers."

"One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk. "

"The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world, and show that the agency had planned to introduce vulnerabilities into future improvements into mobile security. "

"Durumeric leads a team of researchers at the University of Michigan that has developed scanning software called ZMap. This tool can probe the whole public Internet in under an hour, revealing information about the roughly four billion devices online. The scan results can show which sites are vulnerable to particular security flaws. In the case of FREAK, a scan was used to measure the scale of the threat before the bug was publicly announced."