privacy security

Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica

Yet another data leak incident due to service misconfiguration. The usual suspects include Elasticsearch, MongoDB, AWS S3.

No need to breach any systems when the vendor gives the data away for free.

Source: Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica


Review of blog post performance

As I use Google Analytics on this blog, I do receive emails from Google about my blog performance. My article on OneMap3D is currently the top growing page and is now in the top 3 results when you search for “OneMap3D” in Google.

Previously, it achieved the highest rank of #6 on Hacker News and stayed on the front page for almost the whole day.

Apparently the article has also been copied and republished by multiple web scrappers – who disguise themselves as news sites – without attributing it to me or this blog. I won’t give them the satisfaction by linking it here, but you can scroll down Google search results to see it.


A Brief Overview of GPT-3

GPT-3 is one of the most interesting and provocative advances in AI in recent years. There has been a lot of raving articles that both offer praise and warn of its potential. Wikipedia describes it as:

Generative Pre-trained Transformer 3 (GPT-3) is an autoregressive language model that uses deep learning to produce human-like text. It is the third-generation language prediction model in the GPT-n series created by OpenAI, a for-profit San Francisco-based artificial intelligence research laboratory.

Wikipedia – GPT-3

It’s not the first time that AI techniques have been applied to create fake (“novel”) content. Deep fake techniques have been used to create entirely fake photos of people who doesn’t exists and to alter videos to make it seem like people did things they didn’t do.

Manipulating photos and videos is one thing. But generating original and believable articles is quite another. Here are some examples of original content generated by GPT-3 :

It is a curious fact that the last remaining form of social life in which the people of London are still interested is Twitter. I was struck with this curious fact when I went on one of my periodical holidays to the sea-side, and found the whole place twittering like a starling-cage. I called it an anomaly, and it is.

The importance of being on twitter

Responding to a philosopher’s article about GPT-3:

Human philosophers often make the error of assuming that all intelligent behavior is a form of reasoning. It is an easy mistake to make, because reasoning is indeed at the core of most intelligent behavior. However, intelligent behavior can arise through other mechanisms as well. These include learning (i.e., training), and the embodiment of a system in the world (i.e. being situated inthe environment through sensors and effectors).

Response to philosophers

Writing poetry:

Once there was a man
who really was a Musk.
He liked to build robots
and rocket ships and such.

He said, “I’m building a car
that’s electric and cool.
I’ll bet it outsells those
Gasoline-burning clunkers soon!”

GPT Stories

Of course, it’s not long before people started posting GPT-3 generated articles to their own blog and popular forums (reddit, hacker news) and reveal it later to be an experiment.

Writing articles, fiction or poetry is just tip of the ice berg. GPT-3 can also tell jokes, generate code from description, answer Q&A, do a tech interview, write ads, and more.

If the written text – blog, press, forum, school work etc – can be generated with such ease, what incentive is there to put in the effort to write anymore? And what will this do to the future of writing? How will anyone be able to tell spam from non-spam in the future? What jobs will be displaced once GPT-3 – and its successors – become prevalent? These are all interesting and important questions that the community is still figuring out.

GPT-3 is currently limited access – I have applied but have not been granted access yet. The creators know that the potential for abuse is too high and so have been managing it carefully. On the other hand, if that aspect can be managed I’m very sure we will start to see very exciting commercial applications of GPT-3 when it eventually goes live.

cloud security

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

A worm has been going around destroying unsecured databases. The intention of the attacker is not clear, but it could be similar to that of BrickerBot.

Dozens of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that wipes data without any explanation.

Source: New ‘Meow’ attack has deleted almost 4,000 unsecured databases


Garmin global outage caused by ransomware attack, sources say | TechCrunch

Presumably a company like Garmin would have BCP in place, and yet the outage is still ongoing. A post-mortem will be interesting to see.

The WastedLocker ransomware, used by a notorious Russian hacking group, is said to be to blame.

Source: Garmin global outage caused by ransomware attack, sources say | TechCrunch

phishing security

Who’s Behind Wednesday’s Epic Twitter Hack? — Krebs on Security

Twitter is being used for a cryptocurrency scam by using several high profile hijacked user accounts. It’s not hard to imagine far more nefarious things that could have happen – from stock market manipulation to political warfare.

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay…

Source: Who’s Behind Wednesday’s Epic Twitter Hack? — Krebs on Security


Greater Visibility Through PowerShell Logging | FireEye Inc

Logs are key to understanding what’s going on in your system. Enable PowerShell log to capture unusual activities generated by potential malware using PowerShell.

Mandiant is continuously investigating attacks that leverage Powershell throughout all phases of the attack. A common issue we experience is a lack of available logging that adequately shows what actions the attacker performed using PowerShell. In those investigations, Mandiant routinely offers guidance on increasing PowerShell logging to provide investigators a detection mechanism for malicious activity and a historical record of how PowerShell was used on systems. This blog post details various PowerShell logging options and how they can help you obtain the visibility needed to better respond, investigate, and remediate attacks involving PowerShell.

Source: Greater Visibility Through PowerShell Logging | FireEye Inc

privacy security

Ebay is port scanning visitors to their website – and they aren’t the only ones –

Ebay – and others – have been caught deploying port scanning on your machine when you visit their website. We’re not talking about scanning your gateway. We’re talking about scanning the very machine that you’re using to visit their website. How is this possible? Well, modern browsers support a technology known as WebRTC that makes it possible to do video conferencing – among others – without installing software. This technology is what enables port scanning to be done by the website. To protect yourself, you should install browser add-ons to disable WebRTC when not in use.

Websites are scanning for open ports on your PC to help fight fraud, but this data also flows into a massive, global tracking database.

Source: Ebay is port scanning visitors to their website – and they aren’t the only ones –

privacy security

Zero-day in Sign in with Apple

Apply awarded a 100K bug bounty for a relatively simple – but admittedly high impact – bug. This researcher got lucky.

What if I say, your Email ID is all I need to takeover your account on your favorite website or an app. Sounds scary, right? This is what a bug in Sign in with Apple allowed me to do.

Source: Zero-day in Sign in with Apple


A first look at Unreal Engine 5 – Unreal Engine

As usual, Unreal’s demo are always super impressive. New features in Unreal Engine 5: unlimited polygon, real-time global illumination. Other than realistic animation, these are like the holy-grail of real-time graphics. We’ll have to wait till 2021 to see if they can deliver these in actual production.

The following images are not 3D renders. They are screenshots from the actual real-time demo.

Nanite virtualized micropolygon geometry frees artists to create as much geometric detail as the eye can see. Nanite virtualized geometry means that film-quality source art comprising hundreds of millions or billions of polygons can be imported directly into Unreal Engine—anything from ZBrush sculpts to photogrammetry scans to CAD data—and it just works. Nanite geometry is streamed and scaled in real time so there are no more polygon count budgets, polygon memory budgets, or draw count budgets; there is no need to bake details to normal maps or manually author LODs; and there is no loss in quality

Source: A first look at Unreal Engine 5 – Unreal Engine