News

3644 Articles

3D Design With Text-Based AI

May 12, 2023 by 8 Comments

Generative AI is the new thing right now, proving to be a useful tool both for professional programmers, writers of high school essays and all kinds of other applications in between. It’s also been shown to be effective in generating images, as the DALL-E program has demonstrated with its impressive image-creating abilities. It should surprise no one as this type of AI continues to make in-roads into other areas, this time with a program from OpenAI called Shap-E which can render 3D images.

Like most of OpenAI’s offerings, this takes plain language as its input and can generate relatively simple 3D models with this text. The examples given by OpenAI include some bizarre models using text prompts such as a chair shaped like an avocado or an airplane that looks like a banana. It can generate textured meshes and neural radiance fields, both of which have various advantages when it comes to available computing power, training methods, and other considerations. The 3D models that it is able to generate have a Super Nintendo-style feel to them but we can only expect this technology to grow exponentially like other AI has been doing lately.

For those wondering about the name, it’s apparently a play on the 2D rendering program DALL-E which is itself a combination of the names of the famous robot WALL-E and the famous artist Salvador Dali. The Shap-E program is available for anyone to use from this GitHub page. Even though this code comes from OpenAI themselves, plenty are speculating that the AI revolution to come will largely come from open-source sources rather than OpenAI or Google, something for which the future is somewhat hazy.

This Week In Security: TPM And BootGuard, Drones, And Coverups

May 12, 2023 by 17 Comments

Full disk encryption is the go-to solution for hardening a laptop against the worst-case scenario of physical access. One way that encryption can be managed is through a Trusted Platform Module (TPM), a chip on the motherboard that manages the disk encryption key, and only hands it over for boot after the user has authenticated. We’ve seen some clever tricks deployed against these discrete TPMs, like sniffing the data going over the physical traces. So in theory, an integrated TPM might be more secure. Such a technique does exist, going by the name fTPM, or firmware TPM. It uses a Trusted Execution Environment, a TEE, to store and run the TPM code. And there’s another clever attack against that concept (PDF).

It’s chip glitching via a voltage fault. This particular attack works against AMD processors, and the voltage fault is triggered by injecting commands into the Serial Voltage Identification Interface 2.0 (SVI2). Dropping the voltage momentarily to the AMD Secure Processor (AMD-SP) can cause a key verification step to succeed even against an untrusted key, bypassing the need for an AMD Root Key (ARK) signed board firmware. That’s not a simple process, and pulling it off takes about $200 of gear, and about 3 hours. This exposes the CPU-unique seed, the board NVRAM, and all the protected TPM objects.

So how bad is this in the real world? If your disk encryption only relies on an fTPM, it’s pretty bad. The attack exposes that key and breaks encryption. For something like BitLocker that can also use a PIN, it’s a bit better, though to really offer more resistance, that needs to be a really long PIN: a 10 digit PIN falls to a GPU in just 4 minutes, in this scenario where it can be attacked offline. There is an obscure way to enable an “enhanced PIN”, a password, which makes that offline attack impractical with a secure password.

And if hardware glitching a computer seems to complicated, why not just use the leaked MSI keys? Now to be fair, this only seems to allow a bypass of Intel’s BootGuard, but it’s still a blow. MSI suffered a ransomware-style breach in March, but rather than encrypt data, the attackers simply threatened to release the copied data to the world. MSI apparently refused to pay up, and source code and signing keys are now floating in the dark corners of the Internet. There have been suggestions that this leak impacts the entire line of Intel processors, but it seems likely that MSI only had their own signing keys to lose. But that’s plenty bad, given the lack of a revocation system or automatic update procedure for MSI firmware. Continue reading “This Week In Security: TPM And BootGuard, Drones, And Coverups”

Leaked Internal Google Document Claims Open Source AI Will Outcompete Google And OpenAI

May 5, 2023 by 37 Comments

In the world of large language models (LLM), the focus has for the longest time been on proprietary technologies from companies such as OpenAI (GPT-3 & 4, ChatGPT, etc.) as well as increasingly everyone from Google to Meta and Microsoft. What’s remained underexposed in this whole discussion about which LLM will do more things better are the efforts by hobbyists, unaffiliated researchers and everyone else you may find in Open Source LLM projects. According to a leaked document from a researcher at Google (anonymous, but apparently verified), Google is very worried that Open Source LLMs will wipe the floor with both Google’s and OpenAI’s efforts.

According to the document, after the open source community got their hands on the leaked LLaMA foundation model, motivated and highly knowledgeable individuals set to work to take a fairly basic model to new levels where it could begin to compete with the offerings by OpenAI and Google. Major innovations are the scaling issues, allowing these LLMs to work on far less powerful systems (like a laptop or even smartphone).

An important factor here is Low-Rank adaptation (LoRa), which massively cuts down the effort and resources required to train a model. Ultimately, as this document phrases it, Google and in extension OpenAI do not have a ‘secret sauce’ that makes their approaches better than anything the wider community can come up with. Noted is also that essentially Meta has won out here by having their LLM leak, as it has meant that the OSS community has been improving on the Meta foundations, allowing Meta to benefit from those improvements in their products.

The dire prediction is thus that in the end the proprietary LLMs by Google, OpenAI and others will cease to be relevant, as the open source community will have steamrolled them into fine, digital dust. Whether this will indeed work out this way remains to be seen, but things are not looking up for proprietary LLMs.

(Thanks to [Mike Szczys] for the tip)

This Week In Security: Oracle Opera, Passkeys, And AirTag RFC

May 5, 2023 by 10 Comments

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

It’s a tricky one, where the code does all the right things, but gets the steps out of order. Two parameters, jndiname and username are encrypted for transport, and the sanitization step happens before decryption. The username parameter receives no further sanitization, and is vulnerable to path traversal injection. There are two restrictions to exploitation. The string encryption has to be valid, and the request has to include a valid Java Naming and Directory Interface (JNDI) name. It looks like these are the issues leading Oracle to consider this flaw “difficult to exploit vulnerability allows high privileged attacker…”.

The only problem is that the encryption key is global and static. It was pretty straightforward to reverse engineer the encryption routine. And JDNI strings can be fetched anonymously from a trio of endpoints. This lead Assetnote to conclude that Oracle’s understanding of the flaw is faulty, and a much higher CVSS score is appropriate. Particularly with this Proof of Concept code, it is relatively straightforward to upload a web shell to an Opera system.

The one caveat there is that an attacker has to get network access to that install. These aren’t systems intended to be exposed to the internet, and my experience is that they are always on a dedicated network connection, not connected to the rest of the office network. Even the interconnect between the PMS and phone system is done via a serial connection, making this network flaw particularly hard to get to. Continue reading “This Week In Security: Oracle Opera, Passkeys, And AirTag RFC”

Virgin Galactic Cautiously Returns To Flight

May 4, 2023 by 32 Comments

After Richard Branson delivered some inspiring words from his seat aboard SpaceShipTwo Unity, he unbuckled himself and started to float around the vehicle’s cabin along with three other Virgin Galactic employees. Reaching an apogee of 86 kilometers (53 miles), the passengers enjoyed four minutes of weightlessness during the July 2021 flight that was live-streamed over the Internet to an audience of millions. After years of delays, SpaceShipTwo had finally demonstrated it was capable of taking paying customers to the edge of space. As far as victories go — it was pretty impressive.

Yet despite the spectacle, weeks and months went by without an announcement about when commercial flights of the world’s first “spaceline” would finally begin. Now, nearly two years after Branson’s flight, Unity has flown again. Except instead of carrying the first group of customers, it performed the sort of un-powered test flight that Virgin Galactic hasn’t performed since 2017. Clearly, something didn’t go to plan back then.

Richard Branson aboard Unity

The company is being as tight-lipped as ever, saying only that this test flight was necessary to “evaluate the performance of the spaceship…following the modification period.” The exact nature of these modifications is unclear, but for some hints, we could look at the New Yorker article from September 2021. It alleged that, unwilling to derail Branson’s highly publicized flight, Unity’s pilots decided not to abort their ascent despite several warning lights in the cockpit alerting them that the vehicle’s trajectory was deviating from the norm. Virgin Galactic later denied their characterization of the event, but the fact remains that Unity did leave its designated airspace during the flight, and that the Federal Aviation Administration grounded the spacecraft until an investigation into the mishap could be completed. Continue reading “Virgin Galactic Cautiously Returns To Flight”

NASA’s Curiosity Mars Rover Gets A Major Software Upgrade

May 2, 2023 by 21 Comments

Although the Curiosity rover has been well out of the reach of human hands since it touched down on Mars’ surface in 2012, this doesn’t mean that it isn’t getting constant upgrades. Via its communication link with Earth it receives regular firmware updates, with the most recent one being the largest one since 2016. In addition to code clean-up and small tweaks to message formats, this new change should make Curiosity both smarter and have its wheels last longer.

The former helps to avoid the long idle times between navigating, as unlike its younger sibling, Curiosity does not have the dedicated navigation computer for more autonomous driving. Although it won’t make the 11-year old rover as nimble as its sibling, it should shorten these pauses and allow for more navigating and science to be done. Finally, the change to reduce wear on the wheels is fairly simple, but should be rather effective: this affects the amount of steering that Curiosity needs to do while driving in an arc.

With these changes in place, Curiosity should be all ready to receive its newest sibling as it arrives in a few years along with even more Mars helicopters.

Getting Ready For Act 2 Of The Great American Eclipse

May 2, 2023 by 41 Comments

It seems like only yesterday that the “Great American Eclipse” swept from coast to coast, and for those who were lucky enough to watch it from along the path of totality, it was a true life experience. No natural phenomenon can compete with the beauty of a total solar eclipse, and if there’s one thing I heard more than anything else in those golden moments after the Sun returned from behind the Moon, it was, “When’s the next one?” Everyone wanted to do it again, and for good reason.

Back in 2017, that question was kind of rhetorical; everyone knew the next eclipse to cross the United States was a mere seven years off. For me personally, the passage of time has not dampened my enthusiasm for eclipses one bit, and I suspect the feeling is mutual among the many people who gazed in wonder and childlike glee at the celestial proceedings of 2017. But except for the very lucky who live within the path of totality, mounting an expedition that optimizes the viewing experience takes preparation. Now that we’re a little less than a year away for the next one, it’s time to get geared up and make plans for the 2024 eclipse.

Where and When?

The 2017 eclipse’s “Great American Eclipse” moniker was well earned, as the continental United States was the sole beneficiary of the view. This time around, the US isn’t the only country along the path; Mexico and Canada will also get in on the fun. In fact, Mexico may well be the best place to watch the eclipse from, but more on that later. Continue reading “Getting Ready For Act 2 Of The Great American Eclipse”